On May 2, 2007, at 3:11 AM, Magnus Hagander wrote:
>> As to the question of GSSAPI vs SSL, I would never argue we don't
>> want both.
>>
>> Part of what made the GSSAPI encryption mods difficult was my intent
>> to insert them "above" the SSL encryption/buffering layer. That way
>> you could double-encrypt the channel. Since GSSAPI and SSL are
>> (probably, not necessarily) referenced to completely different ID
>> infrastructure there are scenarios where that's beneficial.
>
> We might want to consider restructuring how SSL works when we do, that
> might make it easier. The way it is now with #ifdefs all around can
> lead to
> a horrible mess if there are too many different things to choose from.
> Something like "transport filters" or whatever might be a way to do
> it. I
> recall having looked at that at some point, but it was too long ago to
> remember any details..
>
> //Magnus
If someone wants to make it easier, that would be nice, I'm not up
for it, I don't think.
------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu