[Standards] certification etc.

Ian Paterson ian.paterson at clientside.co.uk
Wed Mar 28 11:24:10 UTC 2007


Fletcher, Boyd C. CIV US USJFCOM JFL J9935 wrote:
> 4) agree further discussion is needed but i haven't heard any technical arguments on why stream compression should not be required for clients.
>   

IMHO before including a feature in the requirements we should consider 
whether it is both:

1. Important for the majority of deployments
2. Important enough to require clients to offer it


RFC 3920 (rightly) says that clients SHOULD use TLS (and they do). 
Therefore, stream compression will probably only ever be used in a 
minority of deployments. I strongly support the use of stream 
compression for those special case deployments. However, I'm not 
convinced that clients, whose authors are not targeting those special 
cases, should be denied a certificate unless they support them.

I think someone may have already suggested that new certificates with 
different compliance requirements could be designed for common special 
cases. For example, a certificate for clients designed for military 
deployments (there are, after all, plenty of client developers who are 
interested in supplying the military). The XSF is probably not the best 
organization to specify the requirements for all such specialized 
certificates.

- Ian




More information about the Standards mailing list