[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TLS] comment on null encryption ciphersuite; https RFC amendment ...to compensate

To: "Blumenthal, Uri" <uri.blumenthal@xxxxxxxxx>
Subject: Re: [TLS] comment on null encryption ciphersuite; https RFC amendment ...to compensate
From: "Steven M. Bellovin" <smb@xxxxxxxxxxxxxxx>
Date: Sun, 19 Nov 2006 20:44:29 -0500
Cc: tls@xxxxxxxx
In-reply-to: <279DDDAFA85EC74C9300A0598E704056F91A47@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
Organization: Columbia University
References: <279DDDAFA85EC74C9300A0598E704056F91A47@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>

On Sun, 19 Nov 2006 11:32:51 -0500, "Blumenthal, Uri"
<uri.blumenthal@xxxxxxxxx> wrote:

> Peter,
>  
> Whether you like it or not, but (a) there are applications that are OK
> with authentication/integrity only, and more importantly (b) some
> legistations and domains forbid encrypted channels, period. To address
> this reality, authentication-only TLS protocol suites are introduced.
> Their applicability is clear and limited - exactly as explicitly
> specified in the document.
>  
> Political balance and issues should be brought to US Congress and
> corresponding foreign bodies.

Uri: ever since the Danvers IETF -- April, 1995 -- the IETF has had a
policy of designing cryptographic mechanisms taking into account only
technical criteria, not political issues.  (Also see RFC 1984.)

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls

References:
- RE: [TLS] comment on null encryption ciphersuite; https RFC amendment ...to compensate
  - From: Blumenthal, Uri

Prev by Date: [TLS] RE: comment on null encryption ciphersuite; https RFC amendment ...to compensate
Next by Date: [TLS] Serious crypto problem fixed by envelope HMAC method instead of currently used prefix
Previous by thread: RE: [TLS] comment on null encryption ciphersuite; https RFC amendment ...to compensate
Next by thread: [TLS] draft-ietf-tls-rfc4346-bis-02.txt
Index(es):
- Date
- Thread