- From: Phil Karlton <karlton@netscape.com>
- Date: Tue, 17 Dec 1996 10:45:16 -0800
- To: "David P. Kemp" <dpkemp@missi.ncsc.mil>
- CC: ietf-tls@w3.org
David P. Kemp wrote:
> But the standard, mandatory-to-implement, universally-interoperable
> algorithm cannot be proprietary.
Unfortunately, operations in the real world mean that there will never
be a universally-interoperable algorithm, even within the domain of
supporting a single protocol, say HTTP. For instance, some
implementations will only contain support for FORTEZZA and others will
contain no support for FORTEZZA.
There are some CipherSpecs that are only useful where MITM attacks are
unlikely, say anonymous Diffie-Hellman supporting telnet on a single
subnet. We shouldn't say "That's not TLS." since it doesn't support the
'mandatory aglorithm'.
I'm not arguing against the goal, but the spec needs to deal (carefully)
with how TLS will be actually used.
PK
--
Philip L. Karlton karlton@netscape.com
Principal Curmudgeon http://www.netscape.com/people/karlton
Netscape Communications Corporation
Everything should be made as simple as possible, but not simpler.
-- Albert Einstein
Received on Tuesday, 17 December 1996 13:46:27 UTC