Re: [dix] DRAFT: WAE BOF minutes

Richard Megginson <rmeggins@redhat.com> Thu, 20 July 2006 14:58 UTC

Message-ID: <44BF9A0B.7010403@redhat.com>
Date: Thu, 20 Jul 2006 08:58:19 -0600
From: Richard Megginson <rmeggins@redhat.com>
Organization: Directory & Security Products
To: Digital Identity Exchange <dix@ietf.org>

Ben Laurie wrote:
> On 7/19/06, Jeffrey Altman <jaltman@secure-endpoints.com> wrote:
>> Ben Laurie wrote:
>> > I'd note that most of the work of supporting these things has to be
>> > done in OpenSSL, and unlike Apache, OpenSSL does not have a large
>> > funded development community.
>> >
>> > Expecting volunteers to rush to implement every cute TLS feature is
>> > asking a lot. The way to make this happen is to find money for OpenSSL
>> > development.
>>
>> Ben:
>>
>> I am very well aware that compared to the applications that use OpenSSL,
>> those working on OpenSSL find it next to impossible to obtain
>> contributions to support their efforts.  Individuals and small
>> businesses are not going to write a check for OpenSSL (or an OpenSSL
>> contributor) to develop this code.   That's not how people think.
>>
>> Instead someone will write a check to Apache to implement support
>> for said feature because they want it in their web server.  The Apache
>> folks will respond with (a) once OpenSSL gives it to us we will have
>> it so don't worry about it; and (b) it won't do you any good anyway
>> because the browsers, webdav clients, etc. don't implement it.
>>
>> We are therefore left with a serious catch-22.  The only way that we
>> can get functionality like this implemented is to first obtain agreement
>> from the client and server vendors.  Only then might it become
>> reasonable to expect end users to step up with funding.
>
> Browsers seem to be implementing these features faster. I'm told SNI
> is in most major browsers now, for example.
>
> What would help, actually, is keeping a league table of features and
> where they're implemented, and thus making it obvious which ones have
> to be done to make a feature useful.

There is another crypto implementation for Apache - mod_nss -
http://directory.fedora.redhat.com/wiki/Mod_nss

mod_nss uses Mozilla NSS for crypto -
http://www.mozilla.org/projects/security/pki/nss/ - which is the same
crypto found in Firefox/Thunderbird.  NSS is actively maintained and
developed by Red Hat, Sun, and others in the Mozilla and open source
community.

>
> Cheers,
>
> Ben.
>
>>
>> Jeffrey Altman
>>
>>
>>
>> _______________________________________________
>> dix mailing list
>> dix@ietf.org
>> https://www1.ietf.org/mailman/listinfo/dix