[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on Mandatory Ciphers and a Proposal

To: <ietf-tls@xxxxxxxxxxxxx>
Subject: Re: Comments on Mandatory Ciphers and a Proposal
From: Christopher Allen <ChristopherA-Lists@xxxxxxxxxxxxx>
Date: Thu, 24 Jul 1997 15:44:06 -0700
Cc: Keith Moore <moore@xxxxxxxxxx>, jis@xxxxxxx
Reply-to: <ietf-tls@xxxxxxxxxxxxx>

At 3:36 PM -0700 7/24/97, Christopher Allen wrote:
>Allowing Alice Attacker to focus on breaking any MUST cipherspecs, or by
>putting in place a MUST ciphersuite that will have to be replaced in a
>couple of years for security reasons, or that the market just doesn't
>accept that the IESG's decision as to what is "secure enough" is good
>enough -- all of these are bad ideas. There is no harm to strongly
>encouraging with a SHOULD certain ciphersuites, the harm is not mandating
>them.

Last sentence should be:

"There is no harm to strongly encouraging with a SHOULD certain
ciphersuites, the harm *is* mandating certain ciphersuites.

Prev by Date: Re: Comments on Mandatory Ciphers and a Proposal
Next by Date: Re: Comments on Mandatory Ciphers and a Proposal
Previous by thread: Re: Comments on Mandatory Ciphers and a Proposal
Next by thread: Re: Comments on Mandatory Ciphers and a Proposal
Index(es):
- Date
- Thread