[Standards] certification etc.
ian.paterson at clientside.co.uk
Wed Mar 28 11:24:10 UTC 2007
Fletcher, Boyd C. CIV US USJFCOM JFL J9935 wrote:
> 4) agree further discussion is needed but i haven't heard any technical arguments on why stream compression should not be required for clients.
IMHO before including a feature in the requirements we should consider
whether it is both:
1. Important for the majority of deployments
2. Important enough to require clients to offer it
RFC 3920 (rightly) says that clients SHOULD use TLS (and they do).
Therefore, stream compression will probably only ever be used in a
minority of deployments. I strongly support the use of stream
compression for those special case deployments. However, I'm not
convinced that clients, whose authors are not targeting those special
cases, should be denied a certificate unless they support them.
I think someone may have already suggested that new certificates with
different compliance requirements could be designed for common special
cases. For example, a certificate for clients designed for military
deployments (there are, after all, plenty of client developers who are
interested in supplying the military). The XSF is probably not the best
organization to specify the requirements for all such specialized
More information about the Standards