How can I make suggestions for the TLS specifications? I'm having a problem
that could be clarified by a change to the spec.

This is the sentence that causes problems for me: "how to initiate TLS
handshaking and how to interpret the authentication certificates exchanged
are left to the judgment of the designers and implementors of protocols
that run on top of TLS".

I have two vendors that have implemented software that layers the HL7
protocol on top of TLS. The Epic implementation does not perform a
handshake until it has data to send. This could be hours after the TCP
connection is established. There is no other TCP communication prior to the
handshake (e.g. a STARTTLS command). The Infor Cloverleaf implementation
times out waiting for a handshake, and the software becomes unresponsive
while this is happening.

It would be helpful if the TLS spec added something like this:

If protocols that are layered on top of TLS use implicit encryption
(relying on a port number rather than an explicit command that is issued
before the handshake), then the handshake should begin immediately after
the TCP/IP socket connection is established.

I have no idea how suggestions like this make it into the spec, so if I
need to suggest this somewhere else, please let me know.

David Barr
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
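The receiving side of the situation described in the message above, as an added example that is not part of David Barr's post and not code from Epic or Infor Cloverleaf: a Python listener for an implicit-TLS port that bounds how long each connection may sit idle before its ClientHello arrives, on a thread per connection, so a silent peer is dropped after the timeout while other peers proceed and the accept loop never stalls. The timeout value, the constructed ClientHello record prefix and the loopback sockets are assumptions for the demo; the TLS handshake itself is not performed (on success a real server would hand the still-unread socket to ssl.SSLContext.wrap_socket).

```python
"""Handshake watchdog for an implicit-TLS listener.

Added illustration, not code from the original post, Epic or Cloverleaf.
Each accepted connection gets a bounded wait for the first bytes of a TLS
ClientHello; the bytes are only peeked, so a TLS library can still consume
them afterwards. The real handshake (ssl.SSLContext.wrap_socket) is omitted.
"""
import socket
import threading
import time

HANDSHAKE_TIMEOUT = 0.5  # seconds; assumed value for the demo, not from the post


def looks_like_client_hello(head: bytes) -> bool:
    """True if `head` starts a TLS handshake record carrying a ClientHello.

    Record header: content type 0x16 (handshake), legacy version 0x03 0x00..0x04,
    two length bytes; the first handshake message byte is 0x01 (ClientHello).
    """
    return (len(head) >= 6
            and head[0] == 0x16
            and head[1] == 0x03 and head[2] <= 0x04
            and head[5] == 0x01)


def await_client_hello(conn: socket.socket, timeout: float) -> str:
    """Wait up to `timeout` seconds for the start of a ClientHello on `conn`.

    Uses MSG_PEEK so nothing is consumed from the socket.
    Returns "hello", "timeout", "garbage" or "closed".
    """
    deadline = time.monotonic() + timeout
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return "timeout"
        conn.settimeout(remaining)
        try:
            head = conn.recv(6, socket.MSG_PEEK)
        except socket.timeout:
            return "timeout"
        if not head:
            return "closed"
        if head[:1] != b"\x16":
            return "garbage"          # not a TLS handshake record at all
        if len(head) >= 6:
            return "hello" if looks_like_client_hello(head) else "garbage"
        time.sleep(0.01)              # partial record header so far; peek again


class Listener:
    """Accepts TCP connections and applies the handshake watchdog to each one."""

    def __init__(self, timeout: float = HANDSHAKE_TIMEOUT):
        self.timeout = timeout
        self._outcomes = {}           # peer port -> outcome string
        self._lock = threading.Lock()
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.bind(("127.0.0.1", 0))
        self._sock.listen(16)
        self.port = self._sock.getsockname()[1]
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            try:
                conn, _ = self._sock.accept()
            except OSError:           # listening socket closed
                return
            # One thread per connection: a silent peer stalls only its own thread.
            threading.Thread(target=self._serve, args=(conn,), daemon=True).start()

    def _serve(self, conn):
        peer_port = conn.getpeername()[1]
        with conn:
            outcome = await_client_hello(conn, self.timeout)
            # On "hello" a real server would now call
            # ssl_context.wrap_socket(conn, server_side=True); anything else is closed.
        with self._lock:
            self._outcomes[peer_port] = outcome

    def outcomes(self):
        with self._lock:
            return dict(self._outcomes)

    def close(self):
        self._sock.close()


# Constructed TLS 1.2 ClientHello record prefix for the demo: type 0x16,
# version 0x0301, record length 0x00c0, handshake type 0x01, length 0x0000bc,
# client_version 0x0303. The rest of the message is irrelevant to the peek.
CLIENT_HELLO_PREFIX = bytes.fromhex("16 03 01 00 c0 01 00 00 bc 03 03")


def demo(wait: float = 3.0) -> dict:
    """Two peers: one sends a ClientHello at once, one stays silent, like the
    deferred handshake in the post. Returns the listener's verdict for each."""
    srv = Listener(timeout=HANDSHAKE_TIMEOUT)
    silent = socket.create_connection(("127.0.0.1", srv.port))
    eager = socket.create_connection(("127.0.0.1", srv.port))
    try:
        eager.sendall(CLIENT_HELLO_PREFIX)
        want = {silent.getsockname()[1], eager.getsockname()[1]}
        deadline = time.monotonic() + wait
        while time.monotonic() < deadline and not want <= set(srv.outcomes()):
            time.sleep(0.05)
        seen = srv.outcomes()
        return {"eager": seen.get(eager.getsockname()[1]),
                "silent": seen.get(silent.getsockname()[1])}
    finally:
        silent.close()
        eager.close()
        srv.close()


if __name__ == "__main__":
    print(demo())  # expected: {'eager': 'hello', 'silent': 'timeout'}
```

The thread-per-connection layout is what keeps the listener responsive: the wait for the ClientHello is charged to the connection that is silent, not to the process. A peer that defers its handshake for hours will simply be disconnected and must reconnect when it has data, which is the behaviour the proposed spec text would make unnecessary.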