Moving the TLS Process Forward

[Christopher Allen <ChristopherA-Lists@xxxxxxxxxxxxx>]

At 4:00 PM -0700 7/24/97, Keith Moore wrote:
>But Internet standard application protocols that use TLS are going to
>need "MUST implement" ciphersuites.

I think we have a process problem here, that requires a process solution.

We are at an impasse -- there was rough consensus when the TLS draft was
submitted to the IESG, and now that there has been a requirement passed
down by the IESG to mandate MUST ciphersuites we have lost that consensus.
In fact, if anything, I think the weight of what consensus we do have is
against the IESG opinion here (or at least the IESG opinion as has been
represented by Keith and Jeff.)

Fundamentally, I think we have an architecture problem. There are those
that believe that it should be security over interoperability -- following
a sort of "cryptographers code". Then there are the protocol designers that
emphasize their own "interoperability code".

The only position that had rough consensus (before and after the IESG
remandment) is that higher level applications protocols may specify MUST
ciphersuites, but the TLS spec itself should not.

Thus, in order to move past this process SNAFU, I'd like to see that the
IESG officially tell the TLS working group "you must put in MUST
ciphersuites in the TLS spec". This request should be put in writing and
appear in the next IESG minutes (as the previous "remanding" of the TLS
document was apparently not official as there is nothing about TLS in the
previous IESG minutes.)

Given that official remandment by the IESG, we (the editors) will proceed
with putting the MUST ciphersuites into the draft, and hopefully the draft
can finally go RFC as a Proposed Standard by Munich.

Meanwhile, those of us that have an issue with this IESG decision can take
the opportunity to pursue IAB appeal of that IESG mandate in that separate
venue. If the appeal is granted, the changes can be applied to the TLS RFC
when TLS goes from proposed standard to draft standard next year.