
Re: Proposed Extensions to TLS for OpenPGP



Tom and all,

Tom Weinstein wrote:
> 
> EKR wrote:
> >
> > I see several problems here:
> > 1. While overloading the cipherSuites mechanism is convenient and
> > backwards compatible, it strikes me as ill-advised. In the limit,
> > we end up with a large number of cipherSuites that differ only
> > in the types of certificational material they provide. This
> > fragments effort. Here you call out an RSA/3DES/RIPEMD mode.
> > If that's a good idea, wouldn't it be a good idea with X.509
> > certificates as well?
> >
> > Algorithm choice is largely orthogonal to certificate format and
> > should be represented as such. That does seem to be a missing
> > capability in TLS. We should add it rather than hacking around
> > it.
> 
> Agreed.  Rather than overloading cipherSuites with information about cert
> formats, I think it would be better to extend TLS to provide for cert
> format negotiation.

  I totally agree.  Hence one of the reasons we went ahead and developed
our "Interface Facility (MLPI)", which incorporates this capability for
any set of ciphersuites for most cert formats.  I came to this conclusion
over a year ago.
> 
> --
> What is appropriate for the master is not appropriate| Tom Weinstein
> for the novice.  You must understand Tao before      | tomw@xxxxxxxxxxxx
> transcending structure.  -- The Tao of Programming   |

Regards,
-- 
Jeffrey A. Williams
DIR. Internet Network Eng/SR. Java Development Eng.
Information Eng. Group. IEG. INC. (Soon to be INEG. INC) Stay tuned!
Phone :913-294-2375 (v-office)
E-Mail jwkckid1@xxxxxxxxxxxxx

Wisdom:   "One who knows others is wise,
           one who knows himself is enlightened."
           Lao Tzu
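The point EKR and Tom make above, that certificate format should be negotiated on its own axis rather than folded into cipherSuites, can be shown with a small toy negotiator. This is an added illustration, not code from any of the posters or from the MLPI facility mentioned; the cipher suite codepoints, the certificate-format codepoints and the extension type 0xFF01 are all constructed for the example, and the uint16 type / uint16 length / opaque body framing is assumed, not something the thread defines.

```python
import struct

# Constructed codepoints for the illustration only; none of these are real
# IANA assignments, and EXT_CERT_FORMAT is a hypothetical extension type.
CIPHER_SUITES = {
    0x0001: "RSA_WITH_3DES_EDE_CBC_SHA",
    0x0002: "RSA_WITH_3DES_EDE_CBC_RIPEMD160",
    0x0003: "DHE_RSA_WITH_3DES_EDE_CBC_SHA",
}
CERT_FORMATS = {0: "X.509", 1: "OpenPGP"}
EXT_CERT_FORMAT = 0xFF01


def encode_extension(ext_type, body):
    """TLS-style extension framing: uint16 type, uint16 length, opaque body."""
    if len(body) > 0xFFFF:
        raise ValueError("extension body too long")
    return struct.pack("!HH", ext_type, len(body)) + body


def encode_cert_format_ext(formats):
    """Body is a uint8 count followed by one uint8 codepoint per format,
    in the sender's order of preference."""
    if not formats or len(formats) > 0xFF:
        raise ValueError("need 1..255 certificate formats")
    return encode_extension(EXT_CERT_FORMAT, bytes([len(formats)]) + bytes(formats))


def parse_extensions(blob):
    """Walk a concatenation of extensions, rejecting truncated headers or
    bodies and duplicate types instead of silently accepting them."""
    exts = {}
    pos = 0
    while pos < len(blob):
        if len(blob) - pos < 4:
            raise ValueError("truncated extension header")
        ext_type, length = struct.unpack_from("!HH", blob, pos)
        pos += 4
        if len(blob) - pos < length:
            raise ValueError("truncated extension body")
        if ext_type in exts:
            raise ValueError("duplicate extension %#x" % ext_type)
        exts[ext_type] = blob[pos:pos + length]
        pos += length
    return exts


def is_well_formed(blob):
    """True if blob parses as a complete, duplicate-free extension list."""
    try:
        parse_extensions(blob)
        return True
    except ValueError:
        return False


def decode_cert_format_body(body):
    """Inverse of encode_cert_format_ext; the count must match the body."""
    if not body or body[0] == 0 or len(body) != 1 + body[0]:
        raise ValueError("malformed certificate-format list")
    return list(body[1:])


def negotiate_orthogonal(client_suites, client_formats,
                         server_suites, server_formats):
    """Server preference order wins on each axis independently.  Returns
    (suite, format) or None if either axis has no common value."""
    suite = next((s for s in server_suites if s in client_suites), None)
    fmt = next((f for f in server_formats if f in client_formats), None)
    if suite is None or fmt is None:
        return None
    return suite, fmt


def overloaded_suite_table(suites, formats):
    """The alternative the thread argues against: one cipherSuite codepoint
    per (algorithm suite, certificate format) pair."""
    return {(s, f): CIPHER_SUITES[s] + "_" + CERT_FORMATS[f].replace(".", "")
            for s in suites for f in formats}


if __name__ == "__main__":
    hello_ext = encode_cert_format_ext([1, 0])          # client prefers OpenPGP
    offered = decode_cert_format_body(parse_extensions(hello_ext)[EXT_CERT_FORMAT])
    print("client offers formats", [CERT_FORMATS[f] for f in offered])
    print("chosen", negotiate_orthogonal([0x0001, 0x0002], offered,
                                         [0x0003, 0x0002, 0x0001], [0, 1]))
    print("overloaded codepoints needed:",
          len(overloaded_suite_table(list(CIPHER_SUITES), list(CERT_FORMATS))))
```

With three constructed suites and two formats the overloaded table already needs six codepoints, where the separate axis needs three plus two; every new suite or format multiplies the first and only adds to the second. The parser also shows the check a real implementation needs on any such extension: length fields are attacker-controlled, so a short body must be rejected rather than read past.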