[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TLS] TLS 1.2 draft comments

To: "Omirjan Batyrbaev" <batyr@xxxxxxxxxxxx>
Subject: Re: [TLS] TLS 1.2 draft comments
From: EKR <ekr@xxxxxxxxxxxxxxxxxxxx>
Date: Sun, 31 Dec 2006 08:37:03 -0800
Cc: tls@xxxxxxxx
In-reply-to: <> (Omirjan Batyrbaev's message of "Sun, 31 Dec 2006 10:56:34 -0500")
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
References: <BAY103-DAV17E2A403A0F53177A5D23792C50@xxxxxxx> <868xgp594m.fsf@xxxxxxxxxxxxxx> <BAY103-DAV18B3EF60CDF312016ABCF892C40@xxxxxxx> <>
Reply-to: EKR <ekr@xxxxxxxxxxxxxxxxxxxx>
User-agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.4.19 (berkeley-unix)

"Omirjan Batyrbaev" <batyr@xxxxxxxxxxxx> writes:

>> 2. CIPHERSPEC, EXPORT
>>
>> If the 40-bit export ciphersuites are being deprecated,
>
> But some constrained enviroments do need 40-bit "export" ciphersuites.

I'm not aware of any such environment. Can you please name them?

> Besides since the NULL encryption ciphersuites exist why can't 40-bit
> "export" ciphersuites exist too?

Because there's no good reason for them to exist and the key
weakening primitive adds substantial complexity to the 
protocol.

> If needed the TLS client and server always
> can neogtiate a stronger encryption so why the depreciation (and what it
> would exactly mean to the implementations).

Here's the relevant text from 4346. So, actually, they're already
deprecated.

   When SSLv3 and TLS 1.0 were designed, the United States restricted
   the export of cryptographic software containing certain strong
   encryption algorithms.  A series of cipher suites were designed to
   operate at reduced key lengths in order to comply with those
   regulations.  Due to advances in computer performance, these
   algorithms are now unacceptably weak, and export restrictions have
   since been loosened.  TLS 1.1 implementations MUST NOT negotiate
   these cipher suites in TLS 1.1 mode.  However, for backward
   compatibility they may be offered in the ClientHello for use with TLS
   1.0 or SSLv3-only servers.  TLS 1.1 clients MUST check that the
   server did not choose one of these cipher suites during the
   handshake.  These ciphersuites are listed below for informational
   purposes and to reserve the numbers.

-Ekr

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] TLS 1.2 draft comments
  - From: Omirjan Batyrbaev

References:
- [TLS] TLS 1.2 draft comments
  - From: home_pw
- Re: [TLS] TLS 1.2 draft comments
  - From: EKR
- Re: [TLS] TLS 1.2 draft comments
  - From: home_pw
- Re: [TLS] TLS 1.2 draft comments
  - From: Omirjan Batyrbaev

Prev by Date: Re: [TLS] TLS 1.2 draft comments
Next by Date: [TLS] TLS1.2: focus on non X.509 certs, cert URLs, authoirzation spaces, registration practices
Previous by thread: Re: [TLS] TLS 1.2 draft comments
Next by thread: Re: [TLS] TLS 1.2 draft comments
Index(es):
- Date
- Thread