> > But the standard, mandatory-to-implement, universally-interoperable
> > algorithm cannot be proprietary.
>
> Unfortunately, operations in the real world mean that there will never
> be a universally-interoperable algorithm ...

The IETF requirement levels apply to implementations of a standard, and mandatory just means that the product must be capable of using a particular algorithm. The goal is to encourage interoperability by ensuring that anyone who wishes to use the baseline capability will have it available if they have a TLS-compliant product.

Determining whether the baseline capability is enabled or not is a policy matter to be decided by the user/sysadmin/SSO, and the IETF is explicitly silent on policy. The actual level of interoperability in the real world will be determined by those configuration/policy decisions.

In theory, the working group could decide to have no mandatory algorithms and make all of them optional, but it might have trouble convincing the IESG to approve a document that did not define a required (lowest common denominator?) baseline capability. Given that some set of CipherSuites is designated as mandatory, that set should not include proprietary algorithms when acceptable non-proprietary alternatives exist.

Received on Friday, 20 December 1996 18:00:09 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:17:12 UTC