- From: Rodney Thayer <rodney@sabletech.com>
- Date: Fri, 31 Jan 1997 09:52:45 -0500
- To: ietf-tls@www10.w3.org
There is an argument that says that TLS_NULL_WITH_NULL_NULL should definitely be implemented in production TLS implementations. It is useful for troubleshooting. Presumably such an implemenation would employ warnings, blinking lights, sirens, loud warnings, extra user prompts, or whatever it takes to ensure it was only used for testing. This is the Internet, and this is the IETF. We're supposed to be interested in realistic deployable systems. It should be possible for a bunch of smart people to build field-maintainable systems, using technologies such as TLS_NULL_WITH_NULL_NULL, in a safe and productive manner. (OK, all the crypto experts in the room can yell at me now. I'm ready!) >Ned Smith wrote: >> >> What is the correct way to interpret handling of the NULL ciphersuite >> for key exchange? >> >> The TLS spec (excerpts provided below) appears to be vague in its >> description of how key exchange handling is done if the NULL >> ciphersuite is negotiated. I don't recall seeing any statement >> indicating it is illegal to negotiate a NULL ciphersuite. My >> assumption is the NULL ciphersuite could be negotiated anytime it is >> legal to negotiate any other ciphersuite (its regular). > >I assume you mean TLS_NULL_WITH_NULL_NULL. Although the spec does not >explicitly forbid negotiating to this cipher suite, it should. If an >implementation allows negotiation to this cipher suite, it is open to >a rollback attack. > >-- >You should only break rules of style if you can | Tom Weinstein >coherently explain what you gain by so doing. | tomw@netscape.com -------- Rodney Thayer <rodney@sabletech.com> PGP Fingerprint: BB1B6428 409129AC 076B9DE1 4C250DD8
Received on Friday, 31 January 1997 09:55:27 UTC