On Fri, Mar 20, 2009 at 2:14 PM, Duane Merrill <dgm4d@virginia.edu> wrote:
Embedded comments....
2009/3/19 weizhong qiang <weizhongqiang@gmail.com>
On Thu, Mar 19, 2009 at 6:27 PM, <m.riedel@fz-juelich.de> wrote:
Hi,
ok let's put it as follows: I meant "proxy-based TLS == GSI" -
"proxy-based TLS" could also be normal TLS (the only difference is that you need to check the delegation chain when verifying; the newer version of openssl itself supports this, or with an older version you can customize the verification process of openssl to support verification of the delegation chain).
Correct.
Of course GSI is also "proxy-based TLS". But I think it is not compatible with normal TLS since it uses GSIAPI, which has some specific protocol.
I believe GSI-API is just that, a programming API that conforms to RFC 2744 (GSS), and has no protocol restrictions/changes.
The globus implementation of GSSAPI (I suppose it should be the only candidate we are discussing in our context) does use some specific negotiation protocol and some "padding" data when doing security context initiation and data transfer, which is not compatible with normal TLS/SSL.
Weizhong