- From: David P. Kemp <dpkemp@missi.ncsc.mil>
- Date: Fri, 20 Dec 1996 17:56:16 -0500
- To: dpkemp@missi.ncsc.mil, karlton@netscape.com
- Cc: ietf-tls@www10.w3.org

> > But the standard, mandatory-to-implement, universally-interoperable
> > algorithm cannot be proprietary.
>
> Unfortunately, operations in the real world mean that there will never
> be a universally-interoperable algorithm ...

The IETF requirement levels apply to implementations of a standard, and mandatory just means that the product must be capable of using a particular algorithm. The goal is to encourage interoperability by ensuring that anyone who wishes to use the baseline capability will have it available if they have a TLS-compliant product.

Determining whether the baseline capability is enabled or not is a policy matter to be decided by the user/sysadmin/SSO, and the IETF is explicitly silent on policy. The actual level of interoperability in the real world will be determined by those configuration/policy decisions.

In theory, the working group could decide to have no mandatory algorithms and make all of them optional, but it might have trouble convincing the IESG to approve a document that did not define a required (lowest common denominator?) baseline capability.

Given that some set of CipherSuites is designated as mandatory, that set should not include proprietary algorithms when acceptable non-proprietary alternatives exist.

Received on Friday, 20 December 1996 18:00:09 UTC