- From: Bennet Yee <bsy@cs.ucsd.edu>
- Date: Thu, 09 May 1996 11:35:48 -0700
- To: Taher Elgamal <elgamal@netscape.com>
- Cc: Phil Karlton <karlton@netscape.com>, Tom Stephens <tomste@microsoft.com>, "'Rodney Thayer'" <rodney@sabletech.com>, "'pcttalk@ftp.com'" <pcttalk@ftp.com>, "'ietf-tls@w3.org'" <ietf-tls@w3.org>
In message <31923857.872@netscape.com>, Taher Elgamal writes: > Bennet Yee wrote: > > > > In message <3191A44E.167E@netscape.com>, Phil Karlton writes: > > > > > > In what way is SSL 3 not open? > > > > AFAIK, the feature set was determined almost solely by Netscape. If > > we look at other standards in IETF/IEEE/ANSI/etc, we see a mix of both > > adapt-a-de-facto-standard and standards making by a committee. I > > don't claim that standards making by committee is necessarily a good > > thing, but I would say that adapt-a-de-facto-standard is not a > > particularly "open" process. While perhaps many programmer / > > cryptographer hours have already been spent on SSLv3, it is not > > "entrenched" like SSLv2. > > You are dead wrong. SSL3 feature set was actually taken fromcomments > that were sent to us by about 12 companies or so -- the ones that cared > to give us comments that is. Please review your facts. Taher, Please pardon me for not knowing the details about the process using which SSLv3 was created. I had heard about the SSLv3 in draft form while at MS (the current[?] evil empire), but it was already quite far along, and must have missed any call-for-participation that went out earlier. My other points about the direction of IETF and needing to decide on how weight to give to the effort already expended by various companies or researchers, as well as about care in using security/cryptography terminology still stand. -bsy -------- Bennet S. Yee Phone: +1 619 534 4614 Email: bsy@cs.ucsd.edu Web: http://www-cse.ucsd.edu/users/bsy/ USPS: Dept of Comp Sci and Eng, 0114, UC San Diego, La Jolla, CA 92093-0114
Received on Thursday, 9 May 1996 14:35:55 UTC