Re: Proposed Extensions to TLS for OpenPGP
EKR wrote:
>
> I see several problems here:
> 1. While overloading the cipherSuites mechanism is convenient and
> backwards compatible, it strikes me as ill-advised. In the limit,
> we end up with a large number of cipherSuites that differ only
> in the types of certificational material they provide. This
> fragments effort. Here you call out an RSA/3DES/RIPEMD mode.
> If that's a good idea, wouldn't it be a good idea with X.509
> certificates as well?
>
> Algorithm choice is largely orthogonal to certificate format and
> should be represented as such. That does seem to be a missing
> capability in TLS. We should add it rather than hacking around
> it.

Agreed. Rather than overloading cipherSuites with information about cert
formats, I think it would be better to extend TLS to provide for cert
format negotiation.
--
What is appropriate for the master is not appropriate | Tom Weinstein
for the novice. You must understand Tao before        | tomw@xxxxxxxxxxxx
transcending structure. -- The Tao of Programming     |