Re: Comments on Mandatory Ciphers and a Proposal
> >If an application uses TLS, the specification for that application
> >needs to specify which ciphersuites an implementation must support.
> >But a different application could choose a different set of
> >ciphersuites. We don't expect an SMTP client to be able to talk to a POP
> >server. Neither is there a requirement that an SMTP+TLS client be
> >able to talk to a POP+TLS server.
>
> Given this, you seem to be agreeing that TLS should not be mandating
> ciphersuites, that instead the POP (or SMTP, or HTTP) working groups
> should.
Part of the problem is that people expect to be able to add TLS to
some j.random protocol (say, anything that uses a single TCP stream)
without any additional specification beyond perhaps a port number.
This is a bad idea for several reasons, but unfortunately it's become
common practice.
Keith