Phillip, Iljitsch,

> If you believe that there is an attack that SSL is vulnerable to you
> should bring it up in TLS.

I think Iljitsch meant that TLS cannot protect against TCP vulnerabilities, such as spoofed connection resets. This is obviously well known.

The upside of TLS has of course been that it's been extremely easy to deploy. That's the experiment the planet has been running for the last decade, and I think the results speak for themselves ;-)

Now, if we had a proposal that turned IPsec into as easily deployable between random clients and known servers as TLS, I would be interested in a new experiment! But I did not see a proposal for that yet. Maybe time for that draft that Phillip suggested in another thread, Iljitsch?

Jari

_______________________________________________
IETF mailing list
IETF@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf