- From: Tom Weinstein <tomw@netscape.com>
- Date: Thu, 10 Oct 1996 10:14:50 -0700
- To: Barb Fox <bfox@microsoft.com>
- CC: Dan Simon <dansimon@microsoft.com>, "'elgamal@netscape.com'" <elgamal@netscape.com>, "'ietf-tls@w3.org'" <ietf-tls@w3.org>, "'treese@OpenMarket.com'" <treese@OpenMarket.com>, "'david.brownell@Eng.Sun.COM'" <david.brownell@Eng.Sun.COM>

Barb Fox wrote:
>
> But Dan's comment about forward compatibility in SSL has nothing to do
> with passwords per se. Fact: there is no generic extensibility
> mechanism in SSL3 - and that's something we need to acknowledge and
> fix as soon as we can. The goal of this working group, after all,
> should be to create an architecturally-sound, extensible standard. I
> admit that this will cause us all some pain as we find ourselves
> having to change our fielded implementations to prepare for future
> advances in the protocol. But if we bite the bullet and design the
> protocol correctly now, it shouldn't be such a big deal as we go
> incrementally forward.

The lack of a general extension mechanism in SSL v3 is a feature, not a
bug. This is a security protocol, and so susceptibility to analysis is a
good thing. Simplicity and rigidity are features here. SSL does provide
for forwards compatibility by allowing version negotiation and
protection from version rollback attacks.

--
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw@netscape.com

Received on Thursday, 10 October 1996 13:29:13 UTC