On Thu, 24 Apr 2003 at 14:14:25 -0700 Marshall Rose said:
[ speaking as the beep guy, and not the co-chair... ]
> I'm not sure how much of an advantage BEEP's security mechanisms turn
> out to be. It doesn't seem to have any specific support for detailed
> security policy, ...
nor would you want it to, given that security policies are
either domain-specific or are so general as to lack meaning.
The expression of security policy in the TLS context comes down to a
list of cryptographic preferences. I didn't see any way through BEEP
to encode anything about TLS negotiations. Perhaps I'm not
sufficiently adept at BEEP navigation to find the profile document -
all I saw was a URI, and my assumption was that the single option was
"do TLS". What document shows how to encode a request for mutual
authentication, encryption algorithm, authentication mechanism?
Hilarie