[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Re: draft minutes from Chicago meeting

To: howes@netscape.com, johns@cisco.com
Subject: RE: Re: draft minutes from Chicago meeting
From: John Haxby <jch@pwd.hp.com>
Date: Tue, 29 Sep 1998 09:20:22 +0100
Cc: ietf-ldapext@netscape.com, M.Wahl@INNOSOFT.COM
Content-disposition: inline; filename="BDY.TXT"
Resent-date: Tue, 29 Sep 1998 01:20:44 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"pLIEF.0.Ez5.QX94s"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com


I still think that a good approach to ensure mandatory-to-implement
compatibility is to divide the problem in two. Force servers to 
implement
TLS plus one of either the compromise or CRAM-MD5, and force clients to
implement either TLS or the non-TLS option chosen for the server. This 
way,
applications that mandate strong authentication can rely on TLS, and
applications that don't can rely on the lighter weight option.

Can someone clarify something for me.  Doesn't TLS imply cryptographic 
technology which means that we, the server vendors, need to acquire 
export licenses from our respective governments?

If it is the case, then we, for one would simply not implement TLS in 
the standard product since acquiring export licenses from the US 
(because HP is a US company) and the UK (because all development takes 
place in the UK) would mean a few months delay on new releases of the 
product and about the same delay for each patch that we release.

--
John Haxby
OpenMail R&D

Prev by Date: Re: draft minutes from Chicago meeting
Next by Date: RE: Re: draft minutes from Chicago meeting
Index(es):
- Chronological
- Thread