> As for having to re-do auth, privacy, etc., it seems odd not to just > standardize a TCP service and use SSL if encryption/authentication > is desired. Especially since, in the huge-horking-central-logserver > scenario, SSL would let you use commodity SSL accellerators to buy > the needed performance.
and this works great, right until someone decides they have a requirement for a security technology not met by ssl, at which point it's fatal. there's 20 years of experience in designing application protocols that says you want to make stuff like this negotiatiable. just picking one (and having an option to turn it on or off) lacks durability... /mtr
