Re: question on cipher suites
Kyle, I'm merely an observer of EDIINT's activities, but this caught
my eye. I think that if you expect ASx to have a life far beyond its
publication date, it should not be so firmly tied to whatever
algorithms are currently in vogue. Partners and communities have
different requirements, and those requirements may change over time;
they can and do specify them in the form of deployment profiles and
trading partner agreements.
The nice thing about SSL/TLS negotiation is that lack of a common
ciphersuite leads to a precise and predictable failure state that can
easily be reported by one's application in explicit detail; there
should be no mystery about why the client and server don't
interoperate, and what one must do to fix the problem.
--Pete
Thus spoke Kyle Meadors (kyle@xxxxxxxxxxxxxxxxx) on Tue, Jun 21, 2005 at 01:58:56PM -0500:
> An issue was recently brought up in regards to using TLS in AS3. Within the
> TLS handshaking, the connecting AS3 application only uses one cipher, 3DES,
> in the handshaking. In this case, the FTP server receiving the connection
> does not support 3DES but does support others. Since the AS3 app does not
> support anything but 3DES, it cannot work through the handshaking to find a
> cipher both agree on.
>
> Would it be necessary to state something within the AS3 draft about
> supporting a specific set of ciphers? Or, is this outside the scope of AS3
> since it may lie only with the FTP server and be beyond the control of the AS3
> application?
--
Pete Wenzel <pete@xxxxxxxxxxxxx>
Senior Architect, SeeBeyond
Standards & Product Strategy
+1-626-471-6311 (US-Pacific)
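
Added example (not part of the original message, and not code from any AS3 product or TLS library): the cipher suite selection step discussed above, with a client that offers only 3DES as in Kyle's report, showing the fatal handshake_failure alert and the explicit diagnostic an application can log. The server's suite list, the function names and the constructed ClientHello bytes are assumptions for illustration.

```python
import struct

# Cipher suite IDs from the IANA TLS registry (small subset for illustration).
SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
}
FATAL, HANDSHAKE_FAILURE = 2, 40  # TLS alert level and description codes

def build_client_hello(suites, version=(3, 1)):
    """Constructed ClientHello body: version, random, empty session id, suites, compression."""
    body = bytes(version) + bytes(32) + b"\x00"
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    return body + b"\x01\x00"  # one compression method: null

def offered_suites(hello):
    """Extract the cipher_suites list from a ClientHello body, with bounds checks."""
    pos = 2 + 32  # skip client_version and random
    if len(hello) <= pos:
        raise ValueError("truncated ClientHello")
    pos += 1 + hello[pos]  # skip session_id
    if len(hello) < pos + 2:
        raise ValueError("truncated ClientHello")
    (n,) = struct.unpack_from("!H", hello, pos)
    pos += 2
    if n % 2 or pos + n > len(hello):
        raise ValueError("bad cipher_suites length")
    return [struct.unpack_from("!H", hello, pos + i)[0] for i in range(0, n, 2)]

def negotiate(hello, server_suites):
    """Return (chosen, alert_record, diagnostic); assumes server preference order wins."""
    offered = offered_suites(hello)
    for s in server_suites:
        if s in offered:
            return s, None, "selected " + SUITES.get(s, "0x%04X" % s)
    names = lambda ids: ", ".join(SUITES.get(s, "0x%04X" % s) for s in ids)
    diag = "no common cipher suite: client offered [%s]; server supports [%s]" % (
        names(offered), names(server_suites))
    alert = bytes([21, 3, 1, 0, 2, FATAL, HANDSHAKE_FAILURE])  # alert record, TLS 1.0
    return None, alert, diag

if __name__ == "__main__":
    # 3DES-only client against a server that supports AES and RC4 but not 3DES.
    print(negotiate(build_client_hello([0x000A]), [0x002F, 0x0005])[2])
```

The diagnostic names both lists, which is the detail a deployment profile or trading partner agreement needs in order to resolve the mismatch.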