[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on Mandatory Ciphers and a Proposal

To: Lewis McCarthy <lmccarth@xxxxxxxxxxxx>
Subject: Re: Comments on Mandatory Ciphers and a Proposal
From: Ned Freed <Ned.Freed@xxxxxxxxxxxx>
Date: Thu, 24 Jul 1997 18:31:18 -0700 (PDT)
Cc: Transport Layer Security List <ietf-tls@xxxxxxxxxxxxx>
Reply-to: <ietf-tls@xxxxxxxxxxxxx>

> > Absolutely. This follows directly from the fact that TLS only
> > specifies a set of mandatory ciphersuites for applications which
> > themselves have no mandatory sets of their own.

> OK, great! Up until some recent messages from you & Keith Moore, it
> was far from clear to me that that would be the case.

> > Note, however, that it would be clearer (and much grander
> > sounding ;-) to to say "our product fully conforms to the IETF
> > standard TLS profile for XXX applications".

> I completely agree with this. Most of the preceding discussion on the
> list in favor of mandatory-to-implement ciphersuites appeared to rule
> out the possibility of this kind of statement.

As I said before, I don't see how they can rule out such a thing. This
is an ongoing process, and we revise protocols all the time.

> > Actually, what is surprising here is that you think you can say "TLS
> > compliant" in the absence of a mandatory set of ciphersuites and have
> > any meaning attach to your statement.

> Wow, that's remarkably dismissive of several dozen pages of protocol
> specification! Speaking as someone interested in designing and
> analyzing security protocols, I find it very meaningful to say "we've
> implemented the TLS protocol" rather than claiming to have implemented
> any one of dozens of alternative protocols with security flaws.

I did not mean to be dismissive of the specification. I respect the work that's
gone into TLS and I think it is a good protocol design overall. But this just
strengthens my resolve not to let this group piss away all this good work by
embarking on a course of action where implementations will be able to claim
conformance without interoperating, which will then be lambasted in the
technical media (a group always alert for this sort of gaffe on the part of
standards writers and implementors), and which will then turn the moniker "TLS
compliant" into a joke. And I sincerely believe this is what will happen if
this group doesn't at least get some clear guidelines into the base
specification that explain that applications using TLS MUST specify appropriate
a non-empty set of mandatory ciphersuites to guarantee interoperability.

> > Now, you may argue that "TLS compliant" might prove to be effective
> > marketing hype even if it is vacuous in some sense. And I would
> > probably agree. But of course marketing hype isn't supposed to be what
> > we're producing here.

> Just to be clear, I'm not currently employed by any organization that
> sells or markets anything. Frankly I don't care whether it makes for
> a good marketing spiel or not. I consider "TLS compliant" to be a
> technically significant claim. To be sure, it would be more significant
> also to mention the key exchange algorithms, ciphers, hashes, etc.
> that were available for use with TLS in a specific implementation.
> Both parts of the claim are important.

I completely agree with this analysis.

> At any rate, I think we are in violent agreement on the practical
> issues at hand, given that recommended-to-implement TLS ciphersuites
> seem to be a lost cause.

I think so too.

				Ned

Prev by Date: Re: Comments on Mandatory Ciphers and a Proposal
Next by Date: Re: Attack against handshake protocol
Previous by thread: Re: Comments on Mandatory Ciphers and a Proposal
Next by thread: Re: Comments on Mandatory Ciphers and a Proposal
Index(es):
- Date
- Thread