On 10-Jun-20 11:52, Michael Thomas wrote: > > On 6/8/20 1:57 PM, Brian E Carpenter wrote: >> On 09-Jun-20 07:02, Nico Williams wrote: >>> On Mon, Jun 08, 2020 at 11:23:09AM -0700, Michael Thomas wrote: >>>> ssl had the advantage that it 1) beat ipsec to market, and 2) wasn't subject >>>> to API differences from OS layer calls like IPsec was, and with quite a bit >>>> of churn as i recall too. it's really too bad, imo. we wouldn't have had to >>>> do the contortions of dtls, for example. and now there's this problem. none >>>> of them are earth shattering, but it would have been cleaner. >>> You can sprinkle TLS anywhere you have an octet stream. You can >>> sprinkle DTLS anywhere you have datagram flows. >> Unless someone says "multicast". > > > Hasn't that word been obsoleted and reserved for future use? :) As a desirable function, certainly not. As a feature that is intrinsic to your favourite L2 technology, and therefore a fairly simple add-on to layer 3, its days are numbered. As an easy thing to secure, hmm. Brian
