On Tue, Jul 29, 2014 at 7:58 AM, Everhart, Craig <craig.everh...@netapp.com> wrote:
> On 7/29/14 1:58 AM, "Christian Huitema" <huit...@huitema.net> wrote: > > >Let look at TCP + crypto. It has to compete with two established > >standards. > >On one hand, TLS, which is easily deployed but does not protect any of the > >TCP headers. On the other hand, IPSEC, which is harder to deploy but does > >protect the TCP header. A secure version of TCP only makes sense if it > >protects the headers better than TLS and is easier to deploy than IPSEC. > > I don't think TLS is so easy to deploy. TCP is used in a wide variety of > environments; that's one of its attractions. One of the attractions of > TCPcrypt is its aim to be deployable wherever TCP can be, which is a bigger > space than where TLS is convenient. That's my hope for the WG. Can you say more about why TLS is hard to deploy? I'm particularly interested in issues which aren't addressed by my draft. Thanks, -Ekr
_______________________________________________ Tcpinc mailing list Tcpinc@ietf.org https://www.ietf.org/mailman/listinfo/tcpinc