- From: Donald L. Decker <wavetalk@amnorth.com>
- Date: Sat, 21 Dec 1996 10:25:32 -0500
- To: "David P. Kemp" <dpkemp@missi.ncsc.mil>
- CC: karlton@netscape.com, ietf-tls@www10.w3.org
David P. Kemp wrote: > > > > But the standard, mandatory-to-implement, universally-interoperable > > > algorithm cannot be proprietary. > > > > Unfortunately, operations in the real world mean that there will never > > be a universally-interoperable algorithm ... > > The IETF requirement levels apply to implementations of a standard, and > mandatory just means that the product must be capable of using a particular > algorithm. The goal is to encourage interoperability by ensuring that > anyone who wishes to use the baseline capability will have it available > if they have a TLS-compliant product. > > Determining whether the baseline capability is enabled or not is a > policy matter to be decided by the user/sysadmin/SSO, and the IETF is > explicitly silent on policy. The actual level of interoperability in the > real world will be determined by those configuration/policy decisions. > > In theory, the working group could decide to have no mandatory algorithms > and make all of them optional, but it might have trouble convincing the > IESG to approve a document that did not define a required (lowest common > denominator?) baseline capability. Given that some set of CipherSuites > is designated as mandatory, that set should not include proprietary > algorithms when acceptable non-proprietaty alternatives exist. How ever I got your service,it was a mistake. Please remove it I'm not reading it and I don't want to read it's only messing up my email. Thank you and I hope this is goodby.
Received on Saturday, 21 December 1996 10:24:39 UTC