On 10/20/2015 10:02 PM, Zhouqian (Cathy) wrote:
> [Cathy] Yes, both web authentication and overdue use cases could be
> considered as captive portals. And I have already sent an email to the
> capport mailing list for their comments.

I mentioned capport because it sounds like they are trying to solve the same sort of problem that your solution is trying to solve, not because I think your proposal will be well-received there. I agree with Warren and Joel that directly intercepting TLS connections is not something I want to support.

>> In any case, it is far from clear that HTTP-specific issues should be
>> handled at
>> the TLS layer -- TLS is a generic secure channel protocol used in many
>> applications other than HTTPS.
> [Cathy] As defined in [RFC 5246], "application protocol
>     An application protocol is a protocol that normally layers
>     directly on top of the transport layer (e.g., TCP/IP). Examples
>     include HTTP, TELNET, FTP, and SMTP.",
> the TLS protocol could be used for HTTP applications.
>

I don't think that's quite the point I was trying to make. HTTPS is HTTP layered on top of TLS, yes, but in order for there to be a separation of layers, TLS should not include any data structures that are only useful for the HTTPS case. This document seems to add a field to TLS that is only used in the HTTPS use case, which seems like a layering violation to me.

-Ben

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls