Re: Extensibility

Dan Simon wrote:
> 
>>From:  Tom Weinstein[SMTP:tomw@netscape.com]
>>
>> The lack of a general extension mechanism in SSL v3 is a feature, not
>> a bug.  This is a security protocol, and so susceptibility to
>> analysis is a good thing.  Simplicity and rigidity are features here.
>>  SSL does provide for forwards compatibility by allowing version
>> negotiation and protection from version rollback attacks.
>
> 
> No one is suggesting that complex extra features be added willy-nilly
> without careful consideration of their security implications. 
> However, to neglect to account for possible (and possibly necessary)
> improvements in the protocol beyond those that can be addressed by
> versioning (particularly possible changes to the first handshake
> message sent) would be, in my opinion, sheer reckless hubris.  SSL 3.0
> currently lacks, and TLS desperately needs, a mechanism for
> incorporating such improvements.

This is completely untrue.  Although SSL 3.0 does not have a formal
mechanism for extension, such as the X protocol has, it does provide for
compatibility with future versions.

> Right now, most of the world still uses a completely inadequate SSL
> 2.0 client hello, and is forced to play weird nonstandard tricks with
> what would otherwise be a perfectly standard PKCS public-key
> encryption, all because of SSL 2.0's lack of extensibility.  Please,
> let us learn from past mistakes.

We have.  SSL 3.0 supports forward compatibility and has protection from
version rollback attacks.  As soon as the world stops supporting SSL
2.0, we will immediately reap the benefits these improvements.  Why are
you flogging this dead horse?

-- 
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw@netscape.com

Received on Monday, 14 October 1996 18:50:59 UTC