Update

Salz, Rich rsalz at akamai.com
Mon May 20 14:23:10 UTC 2019


> I don't see it that way. As I understand it this is a completely different
> protocol to standard TLS.

That's an interesting point, but ... they use the SSL "name."

> It is not intended to interoperate with it in any way.

Is that true?  I didn't look closely at the protocol changes, but maybe you're right.  On the other hand, if so, then why keep the existing IETF numbers?

> As a completely different protocol they can use whatever codepoints they want to
> use as they see fit - and there is no conflict with IETF specifications.
  
If you are correct, then yes I agree.  But that makes any OpenSSL integration that much harder, doesn't it?  Would the project take on the work of making things like the apps and tests work?  In particular, a new global flag saying "tnssl" (or such), and failing to interop with existing TLS, checking the modified cipher suites (and disallowing them for real TLS), etc.

 


