
Re: Comments on Mandatory Ciphers and a Proposal



> Your last point about mandating a ciphersuite "suitable" for most purposes
> is intuitive but also subjective. No matter what the WG chooses it will be
> the wrong choice. The current architecture of TLS is sensitive to the need
> to separate policy from mechanism. And the mechanism allows the parties to
> negotiate the policy. 

I disagree with your characterization. 

The fundamental problem here is to make it easy for a customer to 
know whether a product will help him implement his chosen security policy,
or whether a product will let him access a service that implements a
particular security policy.

In other words, he must easily be able to determine whether two TLS 
implementations will (a) interoperate and (b) provide security adequate 
to his needs.

With the current draft, it is likely that two implementations 
of the same protocol that legitimately claim to implement "Transport Layer 
Security" will either fail to interoperate at all, or fail to provide 
anything that can be reasonably called security.  So, with the current
draft, a claim that a product "conforms to TLS 1.0" is at best almost 
meaningless, and at worst misleading.  

Unfortunately, we have no mechanism that can discourage people from 
making such claims.  But we *can* define what it means to say "conforms 
to TLS 1.0".

If people want to claim some other kind of conformance, that's their 
business.   And we'll probably need to define other conformance levels --
e.g. "TLS 1.0 for casual use only".

Keith