[apps-discuss] For consideration as an appsawg document: draft-hoffman-server-has-tls-03.txt

[Paul Hoffman <paul.hoffman@vpnc.org>]

Greetings again. I would like this WG to consider adopting the following 
draft as a WG item. It is definitely apps-related, and there is no other 
appropriate WG in the Applications or Security areas for it. It has been 
discussed in the websec WG, but that WG is limited to HTTP only (and 
this document covers TLS for all application protocols).

FWIW, some of the topics in this draft are quite open for active 
discussion. The discussion in websec brought up some interesting issues, 
but they got discussed in the HTTP context only, and this WG would be a 
better place to discuss them for all server protocols.

--Paul Hoffman

A New Internet-Draft is available from the on-line Internet-Drafts 
directories.

	Title           : Specifying That a Server Supports TLS
	Author(s)       : P. Hoffman
	Filename        : draft-hoffman-server-has-tls-03.txt
	Pages           : 8
	Date            : 2011-01-16

A server that hosts applications that can be run with or without TLS
may want to communicate with clients whether the server is hosting an
application only using TLS or also hosting the application without
TLS.  Many clients have a policy to try to set up a TLS session but
fall back to insecure if the TLS session cannot be set up.  If the
server can securely communicate whether or not it can fall back to
insecure tells such a client whether or not they should even try to
set up an insecure session with the server.  This document describes
the use cases for this type of communication and a secure method for
communicating that information.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-hoffman-server-has-tls-03.txt