[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: My two cents on TLS mandatory ciphers

To: <ietf-tls@xxxxxxxxxxxxx>, ietf-tls@xxxxxxxxxxxxx
Subject: Re: My two cents on TLS mandatory ciphers
From: Ned Smith <nsmith@xxxxxxxxxxxxxxxxxx>
Date: Tue, 15 Jul 1997 15:33:53 -0700
Reply-to: <ietf-tls@xxxxxxxxxxxxx>

At 03:03 PM 7/14/97 +0100, Jeff Williams wrote:
>somebody wrote:
>> 
>> On Mon, 14 Jul 1997, David P. Kemp wrote:
>> > I have seen only two rationales for using MUST instead of SHOULD:
>> >
>> > 1) mandatory is necessary to ensure interoperability.
>> > 2) the IESG remanded the document for lack of a MUST.
>> >
>> > Neither of those reasons is persuasive*.  If you want to convince the
>> > working group, you're going to have to come up with a better set of
>> > reasons than those.
>> 
>> Perhaps not to persuasive to you, but both are substantive points.  I have
>> countered every objection to a mandatory cipher suite with a specific
>> counter-proposal.
>> 
>> Nobody has countered point (1), except by reference to an unexplained
>> proprietary mechanism which is not required by TLS and thus not relevant.
>> Nobody has countered point (2), which must be addressed if we want a TLS
>> standard.
>
>  Well I cannot say much in response to "2".  But I have countered

Clearly the IETF cannot create a standard that dictates the security policy
of the users of that protocol! It behooves us to get clarification from the
IESG regarding response #2. I find it hard to believe the IESG would
knowingly dictate/mandate site security policy. We must stick to good
design priciples of separating policy from mechanism. Tim's proposal
identifying SHOULDs instead of MUSTs is sensitive to this priciple while
maximizing the potential for interorability. A protocol that forces me to
use an unsafe protocol is itself an attack. We cannot mandate a perfect
policy since threat follows value.

At the last IETF meeting it was decided that there would be a companion
working group to define ciphersuites and assign name space. This is still
the best way to achieve interoperability between TLS endpoints. IMO this
thread of discussion rightly belongs in that new working group. Historical
precedent in the IETF might require protocols to interoperatate, but
security in the IETF is largely unprecedented.

Regards,
Ned Smith 
Ned Smith                 Intel Architecture Labs 
JF2-74  2111 N.E. 25th Ave.  Hillsboro, OR. 97124
Ph: 503.264.2692 Fax: x1805  Mailto:nsmith@xxxxxxxxxxxxxxx
Http://www.intel.com/ial/security/index.htm
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Prev by Date: Re: My two cents on TLS mandatory ciphers [Long]
Next by Date: Re: My two cents on TLS mandatory ciphers
Previous by thread: Re: My two cents on TLS mandatory ciphers
Next by thread: Re: My two cents on TLS mandatory ciphers
Index(es):
- Date
- Thread