Re: draft agenda for San Jose meeting

> From: Tom Weinstein <tomw@netscape.com>
> 
> After looking at the suggested changes, I'd categorize them as follows.
> 
> These entail changes to the protocol:
> 
> >         1. MAC algorithm
> >         2. MAC contents
> >         7. Additional alerts
> >         9. Additional Record Protocol clients
>
> At this point, I'd be unhappy with any changes to the protocol, although
> 7 and 9 don't appear to be very damaging to existing implementations.
> I think that any changes we make to the protocol must be looked at very
> closely.

I thought Netscape had already decided that "SSL 3.1" would incorporate
item 1 (switch to the official IETF HMAC). Considering that 1 and 2 are
obvious (several sources, including the Wagner/Schneier paper,
independently arrived at the same recommendations for "fixing" the SSL
3.0 record layer), I'd say that they have already been looked at closely.

But you are right about the need for configuration control - we should
come to closure on a whole set of changes (including the other
proposals, not just the 4 listed here) before publishing TLS 1.0.
Publishing a beautified SSL 3.0 makes the incompatible changes less
urgent - there's no need to rush these out the door.

Received on Wednesday, 4 December 1996 12:28:35 UTC