ISSUE-128 Strong / weak algorithms?

Another issue coming soon to a meeting near you. Same encouragement to 
bring up issues in email before hand. Two vast and trunkless legs of stone 
stand in the desert.

The ability to provide privacy and secure the connection between a user
agent and web server is in part determined by the strength and
capabilities of the TLS protocol and underlying cryptographic
mechanisms. The TLS protocol is versioned to keep pace with protocol
features and cipher suites that are available. Cipher suites are
grouped according to algorithms and the key length used by
cryptographic functions to provide cipher strength. Because of security
concerns with cipher capabilities due to increases in computational
power to break or crack cryptographic mechanisms, the TLS protocol is
periodically updated by the IETF organization to keep pace with
industry requirements. At time of this document creation the latest
version of the TLS protocol is noted as IETF RFC 4346
<> . This RFC may be superseded at a
later date.


Since the TLS protocol specification is a moving target, the TLS
protocol has functional requirements to allow the client and server to
restrict usage of ciphers that are not in agreement with policies that
govern the connection. Connection policy rules can include use of
cipher key strength, restrictions of cipher algorithms and can further
restrict accepted versions of the TLS protocol itself. 


Server and client policies SHOULD use the latest version of the TLS
protocol and establish the TLS connection with the strongest cipher
suites available if site or user policies expect secure exchange of

Received on Friday, 28 March 2008 18:51:58 UTC