Re: Comments on Mandatory Ciphers and a Proposal
At 5:51 PM -0700 7/24/97, Keith Moore wrote:
>> Applications have to be able to
>> say that they are "conformant" to the TLS protocol even when they provide
>> the result "we can't agree on a mutual security requirement". (Which, BTW,
>> I think means they are sufficiently interoperable.)
>
>If a customer buys a POP+TLS client from one vendor and a POP+TLS
>server from another vendor, and they won't talk to each other because
>they don't each support a TLS ciphersuite of sufficient
>strength... somehow I doubt he would agree that they are sufficiently
>interoperable.

However, your example in this argument is bad -- I believe that POP+TLS
should define a ciphersuite requirement. I am only saying that TLS, bare
of any protocol (i.e. not very useful by itself) should not define any
ciphersuite requirements other than SHOULD recommendations that the
POP+TLS/SMTP+TLS/HTTP+TLS may decide to make MUSTs.

>> Allowing Alice Attacker to focus on breaking any MUST cipherspecs, or by
>> putting in place a MUST ciphersuite that will have to be replaced in a
>> couple of years for security reasons, or that the market just doesn't
>> accept that the IESG's decision as to what is "secure enough" is good
>> enough -- all of these are bad ideas. There is no harm to strongly
>> encouraging with a SHOULD certain ciphersuites, the harm is not mandating
>> them.
>
>If we specify only SHOULD ciphersuites and no MUST ciphersuites, some
>vendors will fail to support the SHOULD ciphersuites and claim
>compliance with the spec anyway. These products will either fail to
>interoperate with other products, or the users of such products
>will have their security compromised. This is harmful.

Again, TLS does not usefully exist outside of the protocols it supports --
they should decide. For instance, ftp+tls may have a MUST requirement for
anonymous ciphersuites to correspond to anonymous FTP, that HTTP+TLS will
not allow. Since TLS is never without a higher level protocol, it is that
higher level protocol that should define how it uses TLS, not TLS dictate
to the higher level protocol its security requirements.