If you beleive that there is an attack that SSL is vulnerable to you
should bring it up in TLS.
I think Iljitsch meant that TLS cannot protect against TCP
vulnerabilities, such as spoofed connection resets. This is obviously
The upside of TLS has of course been that its been extremely easy to
deploy. That's the experiment the planet has been running for the last
decade, and I think the results speak for themselves ;-)
Now, if we had a proposal that turned IPsec into as easily deployable
between random clients and known servers as TLS, I would be interested
in a new experiment! But I did not see a proposal for that yet. Maybe
time for that draft that Phillip suggested in another thread, Iljitsch?
IETF mailing list