RE: Re: draft minutes from Chicago meeting
I still think that a good approach to ensure mandatory-to-implement
compatibility is to divide the problem in two. Force servers to implement
TLS plus one of either the compromise or CRAM-MD5, and force clients to
implement either TLS or the non-TLS option chosen for the server. This way,
applications that mandate strong authentication can rely on TLS, and
applications that don't can rely on the lighter weight option.
Can someone clarify something for me? Doesn't TLS imply cryptographic
technology which means that we, the server vendors, need to acquire
export licenses from our respective governments?
If it is the case, then we, for one, would simply not implement TLS in
the standard product since acquiring export licenses from the US
(because HP is a US company) and the UK (because all development takes
place in the UK) would mean a few months delay on new releases of the
product and about the same delay for each patch that we release.
--
John Haxby
OpenMail R&D