On Sat, 2015-01-03 at 23:58 +0000, David Woodhouse wrote:
> > Said that, I'd like the current openconnect protocol to be better, and
> > standardized, and it is one of my goals this year to write a draft
> > description of the protocol, possibly enhancing it as well by
> > eliminating the hacks from it, like the openssl string negotiation, and
> > the explicitly transferred DTLS key.
>
> I'd like that too, but I don't think Cisco are going to be at all
> interested. Which leaves us either constrained to being compatible with
> their protocol (including future developments of it which might even be
> *intended* to break us), or accepting that we have forked it
> incompatibly.

I think the reason we have multiple SSL VPNs is because there is no
documented protocol for it, which works well. Once there is a documented
protocol there will be very little incentive for each company to reinvent
the wheel and define one. I think it is better in the long term, and more
reasonable, to work towards a standardized protocol, rather than spending
resources in reverse engineering and implementing every protocol out
there.

regards,
Nikos