[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Comments on Mandatory Ciphers and a Proposal

To: "'ietf-tls@xxxxxxxxxxxxx'" <ietf-tls@xxxxxxxxxxxxx>
Subject: RE: Comments on Mandatory Ciphers and a Proposal
From: Dan Simon <dansimon@xxxxxxxxxxxxx>
Date: Thu, 24 Jul 1997 15:28:37 -0700
Reply-to: <ietf-tls@xxxxxxxxxxxxx>

Comment below....

> From:	dpkemp@xxxxxxxxxxxxxx [SMTP:dpkemp@xxxxxxxxxxxxxx]
> 
> Two methods of achieving clean reuse have been proposed:
> 
> 1) Have the Technical Standard for TLS and the Applicability Statement
>    for particular ciphersuites appear in separate RFCs, and
> 
> 2) Allow the TLS Applicability Statement be reused without overriding
> it
>    by designating the preferred ciphersuites as SHOULDs instead of
> MUSTs.
> 
> Most of the TLS working group is in favor of option 2 (although I
> would
> like to hear the opinions of those who haven't chimed in yet - Dan
> Simon,
> Tatu, ekr, eay (who probably isn't reading email while on vacation
> :-),
> Paul Hoffman, etc.).
> 
> 
In case my previous posting to this list didn't make it clear, I agree
wholeheartedly with the majority that option 2 is preferable.  The whole
idea of interoperability taking precedence over everything else may make
sense for other types of protocol, which exist only to make
communication feasible.  Security protocols, though, also exist to make
certain kinds of communication *infeasible*.  Sometimes, two people
should *not* be able to talk to each other, if their security policies
are incompatible.  I find it sad that those at the IESG who are
responsible for security issues don't understand this basic point.

As for option 1, I don't consider particular applications to have
security requirements any more than particular protocols do.  *Users*
have security requirements, and applications and protocols exist to meet
those requirements.  If a group of vendors and customers come to agree
that triple-DES is not secure enough for them, and that IDEA or Blowfish
or RC5 or whatever is more trustworthy, then those people are as
entitled to the benefits of the IETF standards process as anyone with a
DES-trusting security policy.  For the IETF to declare, in effect, that
they only care to work with people who are satisfied with triple-DES for
some application or other (let alone for all applications) is both
short-sighted (since their disdain for alternate cryptographic choices
may one day turn out in retrospect to have been misplaced) and
narrow-minded.

				Daniel Simon
				Cryptographer, Microsoft Corp.
				(dansimon@xxxxxxxxxxxxx)

Prev by Date: Re: Attack against handshake protocol
Next by Date: Re: Comments on Mandatory Ciphers and a Proposal
Previous by thread: Re: Comments on Mandatory Ciphers and a Proposal
Next by thread: Re: Comments on Mandatory Ciphers and a Proposal
Index(es):
- Date
- Thread