[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on Mandatory Ciphers and a Proposal

To: ietf-tls@xxxxxxxxxxxxx
Subject: Re: Comments on Mandatory Ciphers and a Proposal
From: Ned Smith <nsmith@xxxxxxxxxxxxxxxxxx>
Date: Fri, 25 Jul 1997 15:08:24 -0700
Cc: Keith Moore <moore@xxxxxxxxxx>, jis@xxxxxxx
Reply-to: <ietf-tls@xxxxxxxxxxxxx>

At 03:06 PM 7/25/97 -0400, Keith Moore wrote:
>> At 5:51 PM -0700 7/24/97, Keith Moore wrote:
>> >> Applications have to be able to
>> >> say that they are "conformant" to the TLS protocol even when they
provide
>> >> the result "we can't agree on a mutual security requirement". (Which,
BTW,
>> >> I think means they are sufficiently interoperable.)
>> >
>> >If a customer buys a POP+TLS client from one vendor and a POP+TLS
>> >server from another vendor, and they won't talk to each other because
>> >they don't each support a TLS ciphersuites of sufficient
>> >strength... somehow I doubt he would agree that they are sufficiently
>> >interoperable.
>> 
>> However, your example in this arguement is bad -- I believe that POP+TLS
>> should be define a ciphersuite requirement. I am only saying that TLS, bare
>> of any protocol (i.e. not very useful by itself) should not define any
>> ciphersuite requirements other than SHOULD recommendations that the
>> POP+TLS/SMTP+TLS/HTTP+TLS may decide to make MUSTs.
>
>The problem is that it's so easy to combine TLS with any protocol that
>uses a single TCP stream, that people will do it in the absence of any
>external specification.  We've seen this several times already with
>SSL.  Of course, this is a "feature", and in most respects it's a nice
>one.
>
>But vendors don't want to wait on a specification, they want to ship
>product ASAP...ideally, before their competitors do.  So they'll ship
>FOO with TLS before there's a specification for doing so.  And their
>marketers will claim compliance with TLS.  And the customers will buy
>FOO clients and servers that claim compliance with TLS and find that
>they don't interoperate at all, or the implementations won't
>interoperate with adequate levels of security.
>
>So we need to define what "compliance with TLS" means, including
>mandantory ciphersuites that are adequate for most purposes.
>
>Keith

Keith,
Your concern for keeping over eager marketers in check is certainly
appreciated by all. However, it strikes me as being a little like the tail
wagging the dog. The status of any draft in the IETF is public information.
Any potential customer is able to cross check the progress of a standard
without trusting the  over eager marketer.

(It probably goes without saying.) But this doesn't lessen the need for
standards to move quickly - it just shouldn't be a substitute for designing
a protocol based on technical merit. 

Your last point about mandating a ciphersuite "suitable" for most purposes
is intuitive but also subjective. No matter what the WG chooses it will be
the wrong choice. The current architecture of TLS is sensitive to the need
to separate policy from mechanism. And the mechanism allows the parties to
negotiate the policy. 

Regards,
Ned
Ned Smith                 Intel Architecture Labs 
JF2-74  2111 N.E. 25th Ave.  Hillsboro, OR. 97124
Ph: 503.264.2692 Fax: x1805  Mailto:nsmith@xxxxxxxxxxxxxxx
Http://www.intel.com/ial/security/index.htm
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Prev by Date: Re: Moving forward (fwd)
Next by Date: TLS will not meet in Munich
Previous by thread: Re: Comments on Mandatory Ciphers and a Proposal
Next by thread: Re: Comments on Mandatory Ciphers and a Proposal
Index(es):
- Date
- Thread