Re: My two cents on TLS mandatory ciphers
On Tue, 15 Jul 1997, Ned Smith wrote:
> Clearly the IETF cannot create a standard that dictates the security policy
> of the users of that protocol!
IETF protocols mandate how two endpoints will successfully interoperate
with each other while meeting the primary goals of the protocol. Users
who don't care about interoperability can do what they want.
> At the last IETF meeting it was decided that there would be a companion
> working group to define ciphersuites and assign name space. This is still
> the best way to achieve interoperability between TLS endpoints.
TLS endpoints only interoperate if they have a cipher suite in common.
Defining new cipher suites harms interoperability unless there is a
mandatory baseline cipher suite.
> IMO this thread of discussion rightly belongs in that new working group.
If TLS isn't completed, then the proposed new working group probably won't
be approved by the IESG.
> Historical
> precedent in the IETF might require protocols to interoperate, but
> security in the IETF is largely unprecedented.
So you're suggesting that security dictates the IETF stop producing
interoperable protocols? I'm really flabbergasted by the opposition to
interoperability. Since the primary purpose of a standards process is
interoperability, I don't know why you're bothering with the IETF if you
just want to do your own thing and don't care about interoperability.
- Chris