On Sunday, August 2, 2015 12:52 PM, John-Mark Gurney wrote:
>
> ...
> It sounds like you view TLS-use-TCP as doing full certificate parsing
> and validation in the kernel, is this correct?

There are multiple ways to implement a shim between application and TCP. If I implemented this in the Windows kernel, I would use the existing kernel API. But I can see many other ways.

Your specific question on certificates is a matter of profiles. EKR proposed "ECDH anon with P256 and Curve25519." This is "anonymous Diffie-Hellman with elliptic curves." It does not involve any certificate at all.

-- Christian Huitema