                     SecureTransport notes
                       8 Nov 1999 dmitch
                       
Current status of this project:

Note: "Version" refers to SSL2 vs. SSL3. "Mode" refers to client vs. server.

-- All modes require domestic CSP. 

-- Both modes require post-Sonata CSP mods which allow 
   specification of raw symmetric key bits. These CSP changes 
   have been checked in prior to 8 Nov 1999.

-- Server mode requires post-Sonata CSP mods which allow 
   asymmetric keys to have multiple KeyUsage flags set - 
   specifically, private keys must be able to sign and 
   decrypt; public keys must be able to verify and encrypt.
   These CSP changes have NOT been checked in as of 8 Nov 1999;
   final implementation pending input from A. Perez. 

-- Client mode works in both versions, both domestic and export. 

-- Server mode works with Netscape client 4.6.1 on Mac. 
   Operation with IE on Mac is flaky - sometimes it works,
   sometimes not. Server untested with Windows clients. 

-- Client authentication is not tested. 

-- No support for session resumption. This needs a thread-safe
   database, to be implemented in appleSession.c.

