- From: Taher Elgamal <elgamal@netscape.com>
- Date: Mon, 22 Apr 1996 23:10:06 -0700
- To: ietf-tls@w3.org
This is in response to the mailings and press announcements exchanged regarding the Microsoft proposed modifications to the SSL 3.0 specifications -- apparently referred to in the industry as "STLP". Microsoft has proposed to Netscape and to the chair of the proposed IETF TLS working group to produce a specification that is a "merge" between SSL 3.0 and PCT 2.0 and provide that combined specification document to the IETF as a starting draft to write a Secure Transport Layer Protocol (STLP) specification. The intent of the merged document is not as a proposed standard of any kind, it is provided just as a starting point so that the working group does not have to consider two different specifications. The document produced by Microsoft did not include any input from Netscape other than it is based completely on SSL 3.0 (without any hints from PCT). Microsoft suggested several modifications to the SSL3.0 spec that they considered to provide added value to the spec. It was interesting to see that the proposed "closed" discussion meeting appear in all magazines as the new Microsoft proposed STLP standard. Aside from that, all the recommended changes to the SSL 3.0 spec either cause possible security holes, are unrelated to securing transport layers or totally irrelevant. For example one of the recommended (by Microsoft) changes is to support datagrams (UDP) as well as TCP traffic. While having a secure version of UDP is a useful tool, it certainly does not belong at all to this discussion since the SSL protocol (and its variants including PCT) is designed assuming a reliable transport. Supporting UDP actually better belongs to the IP layer security efforts because of the "non-reliable" nature of the datagram delivery. There is also a request to change the signal called "ChangeCipherSpec" that determines the starting point of the new agreed upon algorithms to include other values, that actually has the potential of breaking the data stream since that signal is provided as a synchronization point between the client and the server to switch algorithms. There were several editorial changes to the front half of the document that made the document quite unreadable and therefore we did not finish analysing the proposed changes to th protocol. Since Microsoft decided to use the SSL3.0 protocol as the basis for new features, and for the sake of saving time, the TLS working group should review the SSL3.0 spec as the starting point for the TLS discussions, and since the IETF is truely an open forum, Micorsoft does have the opportunity of poposing any changes they see are advantageous to the funationality of the protocol. During the course of the coming several months all these changes and proposed changes from other interested parties will be looked at by the working group. -- Taher Elgamal elgamal@netscape.com Chief Scientist, Netscape Communications (T) 415 937 2898, (F) 415 428 4054
Received on Tuesday, 23 April 1996 02:14:08 UTC