Re: Handling NULL key exchange for NULL_ ciphersuite

• To: ietf-tls@w3.org
• Subject: Re: Handling NULL key exchange for NULL_ ciphersuite
• From: Win Treese <treese@OpenMarket.com>
• Date: Sun, 09 Feb 1997 02:13:41 -0500
• From ietf-tls-request@www10.w3.org Sun Feb 9 02: 44:22 1997
• Message-Id: <3.0.32.19970209013701.006f1574@mail-60.OpenMarket.com>
• X-List-URL: http://lists.w3.org/Archives/Public/ietf-tls
• X-Mailer: Windows Eudora Pro Version 3.0 (32)
• X-Sender: treese@mail-60.OpenMarket.com

To close out this issue, I propose that the TLS spec forbid
negotiating to NULL_WITH_NULL_NULL. I understand
the argument for testing, but I suspect the risks of this in
practical deployment make it dangerous.

Win Treese

• Prev: Re: TWO WEEK LAST CALL: Regularizing Port Numbers for SSL.
• Next: Re: Shared Secret Authentication
• Index: Message index of ietf-tls@w3.org mailing list
• Thread: Thread index of ietf-tls@w3.org mailing list