Re: Last Call: SMTP Service Extension for Secure SMTP over TLS to Proposed Standard
> > There are three primary cryptographic changes between SSLv3 and
> > TLS:
>
> at least one other significant change comes to mind - TLS requires
> implementation of TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA.

True, but this isn't a *cryptographic* change, it's simply a policy
change. SSLv3 included an equivalent cipher suite.

In any case, I don't really see why this change is relevant to this
discussion: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is a must *implement*,
not a must *speak*. Since most servers have RSA certificates, even if
the implementation supports DSS ciphersuites, in practice the servers
do not. An implementation certainly cannot support only
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA and have any confidence
that it will be able to interoperate with other implementations
in practice.

-Ekr
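
Added example, not part of the original message: a simplified model of server-side cipher suite selection showing the "must implement" versus "must speak" distinction made above. The function names, the selection rule (first client-preferred suite the server can authenticate) and the client/server configurations are assumptions constructed for illustration; only the suite names are real TLS identifiers.

```python
# Simplified model: a server can only "speak" a suite if it both implements
# it AND holds a certificate of the key type that suite authenticates with.
SUITE_AUTH = {
    "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA": "DSS",  # the mandatory-to-implement suite
    "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA": "RSA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": "RSA",
    "TLS_RSA_WITH_RC4_128_SHA": "RSA",
}

def usable_suites(implemented, cert_key_types):
    """Suites the server can actually speak with its deployed certificates."""
    return [s for s in implemented if SUITE_AUTH[s] in cert_key_types]

def negotiate(client_offer, server_implemented, server_cert_key_types):
    """Return the first client-preferred suite the server can speak,
    or None, which models a handshake_failure alert."""
    speakable = set(usable_suites(server_implemented, server_cert_key_types))
    for suite in client_offer:
        if suite in speakable:
            return suite
    return None

# Constructed scenario: the server implements every suite (so it is
# compliant), but like most deployments it only has an RSA certificate.
SERVER_IMPL = list(SUITE_AUTH)
RSA_ONLY = {"RSA"}

# A client that supports only the mandatory suite cannot interoperate.
MANDATORY_ONLY = ["TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"]
# A client that also offers an RSA suite falls through to it.
MIXED = ["TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"]

if __name__ == "__main__":
    print("mandatory-only client vs RSA-only server:",
          negotiate(MANDATORY_ONLY, SERVER_IMPL, RSA_ONLY))
    print("mixed client vs RSA-only server:",
          negotiate(MIXED, SERVER_IMPL, RSA_ONLY))
    print("mandatory-only client vs DSS+RSA server:",
          negotiate(MANDATORY_ONLY, SERVER_IMPL, {"DSS", "RSA"}))
```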