
Interoperability counter view



I've heard a number of times from the MUST cipher camp that (I'm
paraphrasing here) without interoperability TLS is basically useless and
fails in its stated goals.  My perspective is that the protocol is
entirely interoperable and useful if no MUST cipher suite is specified.
Interoperability comes at the level where the two end points agree to not
communicate.  The spec defines how the communication is started; the
handshake, how ciphers are specified and negotiated, and finally how the
payload is delivered.  That to me is interoperable.  I could not even
attempt such an exchange with a TLS end point if we did not know how to
speak to each other.  Now we may (either one) reject the communication for
any number of reasons including security policy ones, but we were able to
"talk" to each other to determine that.

I understand the desire to "guarantee" communication between two TLS end
points but still feel strongly that having MUST ciphers in the spec is a
bad idea.  I think putting the onus on application profile standards is an
interesting approach bad but may well lack the fidelity needed since
security policies may dictate different MUST ciphers.  I suppose barring any
better approach (per IETF policies), defining the MUST ciphers in
application profile standards would do as long as each cipher was
represented in a profile. YUK!

Pablo