Re: [TLS] TLS 1.2 draft comments
> 2. CIPHERSPEC, EXPORT
>
> If the 40-bit export ciphersuites are being deprecated,
But some constrained environments do need 40-bit "export" ciphersuites.
Besides, since the NULL encryption ciphersuites exist, why can't 40-bit
"export" ciphersuites exist too? If needed, the TLS client and server can always
negotiate a stronger encryption, so why the deprecation (and what would it
exactly mean to the implementations)?
This deprecation would also weaken the WTLS statement that it is based on TLS.
> will the standard maintain the rest of the strength-limitation (export reg.)
> apparatus that IESG endorsed?
> (the changecipherspec process leading to the final derivation of keying
> material in non MISSI ciphersuites?)
>
> We might leave it as is, bind the traditional function(s) associated with
> the current value of cipherspec (1), and introduce a second value (2) - to be
> associated with the expected practices hereonafter. A fatal alert might
> be introduced for a modern implementation to react to value=1.
>