TLS draft & TLS proposals

[I do not want to conduct TLS discussion in SSL-talk if possible; please
trim SSL-talk from any followups].

It was suggested to me that I quickly summarize the content and intent of
the two TLS drafts I submitted for San Jose.

The TLS protocol draft (draft-ietf-tls-protocol-00.txt) is intended to be
an edit of the SSL 3.0 protocol document to ready it for IETF
standardization. In addition, I rearranged some stuff and clarified a few
things that I know I had found confusing. In comparison to the recent SSL
draft submitted by Tom Weinstein at Netscape
(draft-ietf-tls-ssl-version3-00.txt), I think the following changes are
most significant:
 - Introduced more seperation and formal interface between the handshaking
process and the record layer, with the intent of enabling TLS to
standardize these two parts as different but related protocols.
 - Removed all references to Fortezza, as it is considered inappropriate
for IETF standards. Instead, inserted language about how to add key
exchange methods; then, an informational RFC can be generated to describe
TLS Fortezza key exchange.
 - Fixed a definition problem in anonymous server key exchange messages
whose fix didn't make it into Tom's draft.
 - Changed SSL to TLS throughout.
 - Wrote some additional descriptive text.

The document is still very much based on the Netscape document. It is my
intent and belief that this document describes the same protocol as the SSL
document: i.e., the bits on the wire and their correct interpretation have
not changed.

The changes draft (draft-ietf-tls-ssl-mods-00.txt) describes nine technical
modifications I propose to the SSL protocol before standardization as TLS.
These were selected as changes which I hope are non-controversial. They
primarily have to do with streamlining the cryptography, implementation, or
documentation of the protocol; they do not introduce any significant new
features or behaviour. Specifically, I did not describe the mine fields of
password authentication, pre-encrypted data, or attribute certificates.

It is my hope that we can quickly reach consensus on these proposals and
any other similar ones, then describe how any additional features might be
layered on top of the protocol as described, then come to a decision on
which, if any, of those proposals will be incorporated into the standard.

 - Tim

Tim Dierks - -
     Software Haruspex - Consensus Development
  Developer of SSL Plus: SSL 3.0 Integration Suite

Received on Tuesday, 3 December 1996 04:02:47 UTC