
Re: [TLS] TLS 1.2 draft comments



see inserted:
Subject: Re: [TLS] TLS 1.2 draft comments


> "Omirjan Batyrbaev" <batyr@xxxxxxxxxxxx> writes:
>
> >> 2. CIPHERSPEC, EXPORT
> >>
> >> If the 40-bit export ciphersuites are being deprecated,
> >
> > But some constrained environments do need 40-bit "export" ciphersuites.
>
> I'm not aware of any such environment. Can you please name them?

Some embedded systems, for example a cheap EPC RFID tag. The Generation 2 tag
today does not even have a cryptographic hash function, etc.

>
>
> > Besides since the NULL encryption ciphersuites exist why can't 40-bit
> > "export" ciphersuites exist too?
>
> Because there's no good reason for them to exist and the key
> weakening primitive adds substantial complexity to the
> protocol.
>
>
> > If needed the TLS client and server always
> > can negotiate a stronger encryption so why the deprecation (and what it
> > would exactly mean to the implementations).
>
> Here's the relevant text from 4346. So, actually, they're already
> deprecated.
>
>    When SSLv3 and TLS 1.0 were designed, the United States restricted
>    the export of cryptographic software containing certain strong
>    encryption algorithms.  A series of cipher suites were designed to
>    operate at reduced key lengths in order to comply with those
>    regulations.  Due to advances in computer performance, these
>    algorithms are now unacceptably weak, and export restrictions have
>    since been loosened.  TLS 1.1 implementations MUST NOT negotiate
>    these cipher suites in TLS 1.1 mode.  However, for backward
>    compatibility they may be offered in the ClientHello for use with TLS
>    1.0 or SSLv3-only servers.  TLS 1.1 clients MUST check that the
>    server did not choose one of these cipher suites during the
>    handshake.  These ciphersuites are listed below for informational
>    purposes and to reserve the numbers.
>
> -Ekr
>


_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls
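
The client-side check required by the RFC 4346 text quoted in the message above, as an added example (not part of the original message or of any TLS implementation): it parses a ServerHello and rejects an export suite when TLS 1.1 or later was negotiated. The code points are the export suites from RFC 4346 A.5 and RFC 2712; the function names and the sample ServerHello are constructed for illustration, and extending the rule to versions after TLS 1.1 is an assumption of this example.

```python
import struct

# Export cipher suite code points: RFC 4346 A.5 (nine suites) and the
# Kerberos export suites from RFC 2712 (0x0026-0x002B).
EXPORT_SUITES = {0x0003, 0x0006, 0x0008, 0x000B, 0x000E, 0x0011, 0x0014,
                 0x0017, 0x0019} | set(range(0x0026, 0x002C))
TLS_1_1 = (3, 2)  # wire version of TLS 1.1


def parse_server_hello(record: bytes):
    """Return ((major, minor), cipher_suite) from one TLS handshake record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _maj, _min, rec_len = struct.unpack("!BBBH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 22 or len(body) != rec_len or rec_len < 4:
        raise ValueError("not a complete handshake record")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if body[0] != 2 or len(hello) != hs_len or hs_len < 35:
        raise ValueError("not a complete ServerHello")
    sid_len = hello[34]                       # after version(2) + random(32)
    off = 35 + sid_len
    if sid_len > 32 or len(hello) < off + 3:  # suite(2) + compression(1)
        raise ValueError("bad session_id length")
    suite = int.from_bytes(hello[off:off + 2], "big")
    return (hello[0], hello[1]), suite


def server_choice_acceptable(record: bytes) -> bool:
    """False when TLS 1.1 or later (assumption: later too) picked an export suite."""
    version, suite = parse_server_hello(record)
    return not (version >= TLS_1_1 and suite in EXPORT_SUITES)


def make_server_hello(version, suite, session_id=b""):
    """Constructed sample input: a minimal ServerHello with a zeroed random."""
    hello = bytes(version) + bytes(32) + bytes([len(session_id)]) + session_id
    hello += suite.to_bytes(2, "big") + b"\x00"
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BBBH", 22, version[0], version[1], len(hs)) + hs


if __name__ == "__main__":
    for ver, suite in [((3, 2), 0x0003), ((3, 1), 0x0003), ((3, 2), 0x002F)]:
        ok = server_choice_acceptable(make_server_hello(ver, suite))
        print(ver, hex(suite), "ok" if ok else "ABORT: export suite chosen")
```

A TLS 1.0 ServerHello that selects an export suite passes this check, matching the backward-compatibility allowance in the quoted text; a client that wants to refuse export suites entirely would drop the version comparison.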