[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Moving forward (fwd)

To: IETF Transport Layer Security WG <ietf-tls@xxxxxxxxxxxxx>
Subject: Re: Moving forward (fwd)
From: Chris Newman <chris+ietf-tls@xxxxxxxxxxxx>
Date: Fri, 25 Jul 1997 14:13:14 -0700 (PDT)
Reply-to: <ietf-tls@xxxxxxxxxxxxx>

On Fri, 25 Jul 1997, Christopher Allen wrote:
> Given that official remandment by the IESG, we (the editors) will proceed
> with putting the MUST ciphersuites into the draft, and hopefully the draft
> can finally go RFC as a Proposed Standard by Munich.

Not good enough.  A proposed standard has to have both rough concensus of
the WG and IESG approval.

It actually looks like the list getting closer to agreement assuming the
language is written in terms of "these are the mandatory-to-implement 
cipher suites unless the profile of TLS for a specific application
specifies otherwise."  I suggest the document editors put something like
that in words they find acceptable.  If nobody on the WG list objects
strongly to the results, we're done.

I suspect part of the communication disconnect we're seeing is that some
of the TLS implementors are thinking Intranet while the IESG and others
like myself are thinking Internet.  With Intranet you're primarily
concerned with intra-company communication and interoperability is less of
an issue.  With the Internet you ignore the existence of companies and
assume lots of individual computers each with custom implementations that
have to successfully communicate with each other.  The latter paradigm has
much stricter interoperability requirements and is what IETF standards
describe.

To try to explain where I'm coming from, think about the following
scenario: Take 100 compliant POP+TLS server implementations and 100
compliant POP+TLS client implementations.  Pick any pair, install it with
"standards compliance mode" so it does only what's required by the POP+TLS
specifications and nothing more.  Also remove all software and hardware
not required by the standards (including proprietary gateways and
translation layers). If any pair can exist which fails to fetch mail with
encryption (the primary goals of POP and TLS), then the standards are
broken.  Note that by this stringent test, most standards are broken, but
we still have to do our best.  If we know of any problem which causes a
failure in this scenairo, we need to fix it before moving on.  Lack of a
mandatory cipher suite will cause a failure.

		- Chris

Prev by Date: Re: Moving the TLS Process Forward
Next by Date: Re: Comments on Mandatory Ciphers and a Proposal
Previous by thread: Moving the TLS Process Forward
Next by thread: Re: Moving forward (fwd)
Index(es):
- Date
- Thread