W3C home > Mailing lists > Public > ietf-tls@w3.org > April to June 1996

Re: which to implement?

From: Bennet Yee <bsy@cs.ucsd.edu>
Date: Thu, 09 May 1996 11:35:48 -0700
Message-Id: <199605091835.LAA19499@work.ucsd.edu>
To: Taher Elgamal <elgamal@netscape.com>
Cc: Phil Karlton <karlton@netscape.com>, Tom Stephens <tomste@microsoft.com>, "'Rodney Thayer'" <rodney@sabletech.com>, "'pcttalk@ftp.com'" <pcttalk@ftp.com>, "'ietf-tls@w3.org'" <ietf-tls@w3.org>

In message <31923857.872@netscape.com>, Taher Elgamal writes:
> Bennet Yee wrote:
> > 
> > In message <3191A44E.167E@netscape.com>, Phil Karlton writes:
> > >
> > > In what way is SSL 3 not open?
> > 
> > AFAIK, the feature set was determined almost solely by Netscape.  If
> > we look at other standards in IETF/IEEE/ANSI/etc, we see a mix of both
> > adapt-a-de-facto-standard and standards making by a committee.  I
> > don't claim that standards making by committee is necessarily a good
> > thing, but I would say that adapt-a-de-facto-standard is not a
> > particularly "open" process.  While perhaps many programmer /
> > cryptographer hours have already been spent on SSLv3, it is not
> > "entrenched" like SSLv2.
> 
> You are dead wrong. SSL3 feature set was actually taken fromcomments 
> that were sent to us by about 12 companies or so -- the ones that cared 
> to give us comments that is. Please review your facts.

Taher,

Please pardon me for not knowing the details about the process using
which SSLv3 was created.  I had heard about the SSLv3 in draft form
while at MS (the current[?] evil empire), but it was already quite far
along, and must have missed any call-for-participation that went out
earlier.

My other points about the direction of IETF and needing to decide on
how weight to give to the effort already expended by various companies
or researchers, as well as about care in using security/cryptography
terminology still stand.

-bsy

--------
Bennet S. Yee		Phone: +1 619 534 4614	    Email: bsy@cs.ucsd.edu

Web:	http://www-cse.ucsd.edu/users/bsy/
USPS:	Dept of Comp Sci and Eng, 0114, UC San Diego, La Jolla, CA 92093-0114
Received on Thursday, 9 May 1996 14:35:55 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:34:48 EDT