On Thu, Sep 20, 2001 at 01:00:46AM +0000, M. Drew Streib <[EMAIL PROTECTED]> wrote:
| On Thu, Sep 20, 2001 at 10:47:15AM +1000, Cameron Simpson wrote:
| > That way we could do SMTP over SSL etc etc transparently: clients connect,
| > say "SSL", if rejected either fall back or fall out, and if accepted
| > then away we all go.
| >
| > Is there some technical reason for not doing things this way?
|
| Other than an extra couple tcp transmissions, not too many. It does
| probably break about all existing protocols though, at least as written,
| since the SSL handshake would fall outside of the bounds of the protocol.
| Implementing this on SMTP, for instance, would require more than SMTP,
| but would be SMTP+SSLoption, which _may_ be fully backwards compatible,
| but certainly not "compliant", as it implements non-standard behavior.

Yeah, but a server not implementing the request should return a 5xx error.
It's not like the client should proceed with the SSL stuff unless it
gets a "2xx Yeah I speak SSL." and therefore nothing should break.

| Even if the initial request were inside of the bounds of the protocol,
| as in "Renegotiate: SSL" as an http header, the followup
| handshake and subsequent transmission certainly wouldn't be standard.

For HTTP you'd return a 4xx or 5xx error of some kind, surely?

| This may not bother you from a technical perspective, but might upset
| people that are purists at the wire protocol level.

Shouldn't if the spec makes sure things don't ascend (descend?) into SSL
without acceptance on both ends...

| It is something
| that certainly could be debated, either for an individual protocol,
| or across the spectrum. Nothing to stop rsync from implementing something
| like this, since it is sort of in charge of its own protocol development...

Well, it'd be handy in rsync if only as a proof of concept.

| I'd be interested in seeing an IETF proposal for something like this,
| just for public debate.

I'll try to find out how to write one and submit it then...
--
Cameron Simpson, DoD#743 [EMAIL PROTECTED] http://www.zip.com.au/~cs/
Will Hack Perl for Fine Food and Fun.
- Tom Christiansen <[EMAIL PROTECTED]>
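
The negotiation discussed in this thread, as an added example that is not part of the original messages: a client sends a hypothetical "SSL" verb and starts the handshake only on a 2xx reply, otherwise falling back or falling out according to local policy. The verb, the reply texts and the class names are assumptions, and the exchange is simulated in memory with no real handshake.

```python
# Added illustration, simulated in memory. The "SSL" verb, the reply texts and
# the class names are hypothetical; no real handshake is performed.

class LegacyServer:
    """Predates the upgrade verb: unknown commands get a 5xx."""
    def handle(self, line):
        verb = line.split(" ", 1)[0].upper()
        if verb == "HELO":
            return "250 hello"
        if verb == "QUIT":
            return "221 bye"
        return "500 command unrecognized"

class UpgradingServer(LegacyServer):
    """Accepts the upgrade; the SSL handshake would start after its 2xx."""
    def handle(self, line):
        if line.strip().upper() == "SSL":
            return "220 ready to start SSL"
        return super().handle(line)

def negotiate(server, require_ssl):
    """Return (outcome, transcript); outcome is 'ssl', 'plaintext' or 'abort'."""
    transcript = []

    def send(line):
        reply = server.handle(line)
        transcript.extend([("C", line), ("S", reply)])
        return reply

    send("HELO client.example")
    reply = send("SSL")
    if reply[:1] == "2":
        # Both ends agreed: only now does the wire stop carrying the base protocol.
        return "ssl", transcript
    # Any other reply means no handshake. The refusal arrives unauthenticated,
    # so a client that needs confidentiality falls out instead of falling back.
    if require_ssl:
        send("QUIT")
        return "abort", transcript
    return "plaintext", transcript

if __name__ == "__main__":
    for server in (UpgradingServer(), LegacyServer()):
        for require_ssl in (False, True):
            outcome, log = negotiate(server, require_ssl)
            print(type(server).__name__, "require_ssl=%s" % require_ssl, "->", outcome)
            for side, line in log:
                print("   %s: %s" % (side, line))
```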