Re: CipherSuites for IETF-Algorithm-Compliant document

> > But the standard, mandatory-to-implement, universally-interoperable
> > algorithm cannot be proprietary.
>
> Unfortunately, operations in the real world mean that there will never
> be a universally-interoperable algorithm ...

The IETF requirement levels apply to implementations of a standard, and
mandatory just means that the product must be capable of using a particular
algorithm. The goal is to encourage interoperability by ensuring that
anyone who wishes to use the baseline capability will have it available
if they have a TLS-compliant product.

Determining whether the baseline capability is enabled or not is a
policy matter to be decided by the user/sysadmin/SSO, and the IETF is
explicitly silent on policy.  The actual level of interoperability in the
real world will be determined by those configuration/policy decisions.

In theory, the working group could decide to have no mandatory algorithms
and make all of them optional, but it might have trouble convincing the
IESG to approve a document that did not define a required (lowest common
denominator?) baseline capability.  Given that some set of CipherSuites
is designated as mandatory, that set should not include proprietary
algorithms when acceptable non-proprietary alternatives exist.

Received on Friday, 20 December 1996 18:00:09 UTC