Re: [TLS] Status of IDEA and single-DES (ticket #64)

["tom.petch" <cfinss@xxxxxxxxxxxxxx>]

(2)  Keep all the information together (until the day it becomes too unwieldy,
say in excess of 100 pages); otherwise people will miss crucial information, not
understanding how to find all the relevant facts (see a recent discussion on the
main IETF list demonstrating that).

Tom Petch


----- Original Message -----
From: <Pasi.Eronen@xxxxxxxxx>
To: <tls@xxxxxxxx>
Sent: Tuesday, January 22, 2008 9:41 AM
Subject: [TLS] Status of IDEA and single-DES (ticket #64)


<wg chair hat on>

We seem to have quite widespread agreement that single-DES and
IDEA are not algorithms you should use in most circumstances, and
if you're an implementor, disabling or removing those cipher
suites wouldn't usually be a bad idea.

We don't seem to have complete agreement on what exactly,
specification-writing-wise, is the most appropriate way to convey
this agreement. Several people have supported simple "MUST NOT";
others have argued that this is a policy decision, and should not
be hardcoded in the spec.

By my latest count, slightly smaller number of people have supported
a total MUST NOT than some form of "not good idea, but not totally
prohibited either" recommendation. I believe that changing this to
MUST NOT would require significantly stronger support, and therefore
we're going for something else.

I'd therefore like to propose two concrete alternatives for the
WG to comment:

(1) Remove all mentions of IDEA and single-DES from the TLS 1.2
main specification. Create a separate (1-page) document which lists
the cipher suite numbers, along with some kind of "not really that
good idea usually" advice.

The exact wording of this advice needs to be discussed, but it
could include e.g. SHOULD NOT use, SHOULD NOT implement, SHOULD
remove from existing implementations, and/or SHOULD NOT be enabled
by default. This document would not be on Standards Track (in
other words, either Informational or Historic).

(2) Keep IDEA and single-DES in the TLS 1.2 main specification,
but include a short advice along the lines described above.

If you commented the IDEA/DES discussion earlier, please reply
and indicate which of these alternatives (or none or both) would
be acceptable to you.

Speaking as a WG chair, I would prefer an alternative that allows us
to ship the TLS 1.2 main specification to AD Evaluation ASAP. We've
already missed our milestone by more than a year, and I've received
comments from implementors that they'd like to see this finished soon.

I would also not mind having an alternative that would allow us -- if
we so later decide -- to promote TLS 1.2 to Draft Standard without
producing a new document.

<wg chair hat off>
Personally, I think the first option would reasonably satisfy these
goals, and would keep the spirit of including only "good stuff"
in the TLS main specification.

Best regards,
Pasi


_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls



_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls