[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: TLS/SSL future direction



At 4:20pm Jan 2, 2002, Howard Chu wrote:

> TLS is the standards-based name for SSL version 3.1. They are usually
> mentioned together because they are nearly identical. We use them together
> because the same library (OpenSSL) provides SSLv2, SSLv3, and SSLv3.1/TLS 
> implementations for us.

TLS is the successor to SSL. There will be no (IETF-blessed) SSL protocols
beyond version 3. TLS is an IETF standard, with an IETF Working Group
established to direct future versions of TLS. The biggest concerns of that
working group, FWIW, seem to be
 - implementing new ciphers (e.g. the new NIST standard)
 - accomodating low-power (mobile) devices
 - accomodating name-based virtual hosting on a single IP/port combo
 - facilitating similar enhancements/extensions
 - crypto performance
 - encouraging the best security

-Peter