- From: Rodney Thayer <rodney@sabletech.com>
- Date: Tue, 17 Dec 1996 15:12:52 -0500
- To: Phil Karlton <karlton@netscape.com>
- Cc: ietf-tls@w3.org
Although your logic is sound it doesn't seem IETF-compliant. Is there some way we can handle this? For example, if there were a TLS document, and a second document containing ("the SSL profile of TLS")? At 10:45 AM 12/17/96 -0800, you wrote: >David P. Kemp wrote: > >> But the standard, mandatory-to-implement, universally-interoperable >> algorithm cannot be proprietary. > >Unfortunately, operations in the real world mean that there will never >be a universally-interoperable algorithm, even within the domain of >supporting a single protocol, say HTTP. For instance, some >implementations will only contain support for FORTEZZA and others will >contain no support for FORTEZZA. > >There are some CipherSpecs that are only useful where MITM attacks are >unlikely, say anonymous Diffie-Hellman supporting telnet on a single >subnet. We shouldn't say "That's not TLS." since it doesn't support the >'mandatory aglorithm'. > >I'm not arguing against the goal, but the spec needs to deal (carefully) >with how TLS will be actually used. > >PK >-- >Philip L. Karlton karlton@netscape.com >Principal Curmudgeon http://www.netscape.com/people/karlton >Netscape Communications Corporation > > Everything should be made as simple as possible, but not simpler. > -- Albert Einstein > > > Rodney Thayer <rodney@sabletech.com> +1 617 332 7292 Sable Technology Corp, 246 Walnut St., Newton MA 02160 USA Fax: +1 617 332 7970 http://www.shore.net/~sable "Developers of communications software"
Received on Tuesday, 17 December 1996 15:06:28 UTC