Re: TLS 1.0 "draft-ietf-tls-protocol-01.txt" Now Available

> From: Eric Murray <ericm@lne.com>
>
> Why don't we add some Blowfish CipherSuites?
> It's a published (and public domain!) algorithm.


Good idea.  And Blowfish was mentioned the last time this came up,
several months ago.

The point of removing RC2 and RC4 from the TLS base document is *not*
to prevent their use with TLS, it is to restructure the IETF TLS
standard as a core document plus additional ciphersuite-specific
documents.  This follows the IPSEC example of generic AH/ESP documents
supplemented by additional transform-specific documents.  I thought
the working group had reached consensus on a modular document structure,
and am a bit disappointed that the present draft does not reflect that
consensus.

The TLS base document should specify mandatory-to-implement algorithms
to promote interoperability.  Currently the DES/3DES ciphersuites
fill that role, but Blowfish or another published and freely-available
algorithm might conceivably be suitable as the interoperable
baseline.

TLS "transform" documents could be written to specify the use of many
other ciphersuites, published or proprietary, including RC2, RC4,
Blowfish, SAFER, Fortezza(R), etc.  This makes it easier to add
future ciphersuites to TLS without having to re-do the base document
every time.

Received on Friday, 7 March 1997 12:06:50 UTC