You are correct. Different resources do list SSL/TLS in various layers.
This was even discussed by my instructor in training. Basically, the
problem is that the industry is trying to make a real-world application fit
into a logical (or theoretical) model. Unfortunately, SSL does have
characteristics from a variety of different layers, it is not as
cut-and-dried as, say, IP or TCP.
I know that this does not really help you in preparing for your test, but it
just confirms that you are running into a question others have already
asked. Personally, if I were asked, I would say that they are in the
Transport Layer, which I take from the ISC2 endorsed training material from
my course at the Training Camp. The only reference I would take as more
credible would be if someone could tell you what it says in the ISC Official
Study Guide (which I don't have).
Hope that helps some.
Jerry Patterson
Senior IP Security Engineer
Comcast IP Services
"What troubleshooting have you done that makes you believe it's the
firewall?"
------------------------ Yahoo! Groups Sponsor --------------------~-->
Make a clean sweep of pop-up ads. Yahoo! Companion Toolbar.
Now with Pop-Up Blocker. Get it for free!
http://us.click.yahoo.com/L5YrjA/eSIIAA/yQLSAA/kgFolB/TM
--------------------------------------------------------------------~->
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/CISSP-Discuss/
<*> To unsubscribe from this group, send an email to:
CISSP-Discuss-unsubscribe@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
