Re: My two cents on TLS mandatory ciphers
Chris and all,
Chris Newman wrote:
>
> On Tue, 15 Jul 1997, Ned Smith wrote:
> > Clearly the IETF cannot create a standard that dictates the security policy
> > of the users of that protocol!
>
> IETF protocols mandate how two endpoints will successfully interoperate
> with each other while meeting the primary goals of the protocol. Users
> who don't care about interoperability can do what they want.
I don't think this is the case here.
>
> > At the last IETF meeting it was decided that there would be a companion
> > working group to define ciphersuites and assign name space. This is still
> > the best way to achieve interoperability between TLS endpoints.
>
> TLS endpoints only interoperate if they have a cipher suite in common.
> Defining new cipher suites harms interoperability unless there is a
> mandatory baseline cipher suite.
Although it is easier to interoperate as you describe here it IS NOT
necessary. This has already been proven. I don't understand why you
seem to insist on this. ???? (Shrug)
>
> > IMO this thread of discussion rightly belongs in that new working group.
>
> If TLS isn't completed, then the proposed new working group probably won't
> be approved by the IESG.
>
> > Historical
> > precedent in the IETF might require protocols to interoperate, but
> > security in the IETF is largely unprecedented.
>
> So you're suggesting that security dictates the IETF stop producing
> interoperable protocols? I'm really flabbergasted by the opposition to
> interoperability. Since the primary purpose of a standards process is
> interoperability, I don't know why you're bothering with the IETF if you
> just want to do your own thing and don't care about interoperability.
No, Ned was not suggesting that IETF stop producing interoperable
protocols, rather that they have flexibility on HOW that is achieved.
So, IMHO, I find your conclusion(s) are not valid.
>
> - Chris
Regards,
--
Jeffrey A. Williams
DIR. Internet Network Eng/SR. Java Development Eng.
Information Eng. Group. IEG. INC.
Phone :913-294-2375 (v-office)
E-Mail jwkckid1@xxxxxxxxxxxxx