Re: Closing on shared-key authentication

Barb Fox wrote:
> But Dan's comment about forward compatibility in SSL has nothing to do
> with passwords per se.  Fact: there is no generic extensibility
> mechanism in SSL3 - and that's something we need to acknowledge and
> fix as soon as we can.  The goal of this working group, after all,
> should be to create an architecturally-sound, extensible standard.  I
> admit that this will cause us all some pain as we find ourselves
> having to change our fielded implementations to prepare for future
> advances in the protocol.  But if we bite the bullet and design the
> protocol correctly now, it shouldn't be such a big deal as we go
> incrementally forward.

The lack of a general extension mechanism in SSL v3 is a feature, not a
bug.  This is a security protocol, and so susceptibility to analysis is
a good thing.  Simplicity and rigidity are features here.  SSL does
provide for forwards compatibility by allowing version negotiation and
protection from version rollback attacks.

You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      |

Received on Thursday, 10 October 1996 13:29:13 UTC
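
Added illustration, not part of the message above and not code from any SSL implementation: a Python model of the version negotiation and rollback check the reply refers to, as it works in SSL 3.0's RSA key exchange, where the client places the version it offered inside the encrypted premaster secret. The function names and the (3, 1) stand-in for a later version are assumptions, and the RSA encryption itself is left out.

```python
import os

SSL30 = (3, 0)
NEWER = (3, 1)  # constructed stand-in for any later protocol version


def negotiate(client_hello_version, server_max):
    """Server picks the highest version that both sides support."""
    return min(client_hello_version, server_max)


def make_premaster(offered_version):
    """Client side: 2 bytes of the version it really offered + 46 random bytes."""
    return bytes(offered_version) + os.urandom(46)


def server_accepts(client_hello_version, premaster):
    """Server side: after decrypting the premaster secret, compare the
    embedded version with the version that arrived in the ClientHello."""
    if len(premaster) != 48:
        return False
    return tuple(premaster[:2]) == tuple(client_hello_version)


def handshake(client_offer, server_max, tamper_to=None):
    """Return (negotiated_version, accepted).

    tamper_to models in-transit modification of the cleartext ClientHello
    version. The premaster secret is encrypted to the server's public key
    in the real protocol, so the modification cannot reach it.
    """
    seen = tamper_to if tamper_to is not None else client_offer
    chosen = negotiate(seen, server_max)
    premaster = make_premaster(client_offer)
    return chosen, server_accepts(seen, premaster)


if __name__ == "__main__":
    print("both newer:       ", handshake(NEWER, NEWER))
    print("server is 3.0:    ", handshake(NEWER, SSL30))
    print("hello rewritten:  ", handshake(NEWER, NEWER, tamper_to=SSL30))
```

An honest negotiation down to 3.0 is accepted because the server's own limit does not change the version it saw in the ClientHello; only a ClientHello altered in transit produces the mismatch.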