IMNSHO,
DES or RC4-40 have no business being in any IETF standard. If that means
there won't be an IETF standard, fine. And if that means that deployment
of a known insecure technology will be slowed due to lack of
standardization, better still. Considering the alternative, a "security"
architecture designed to be weak that will remain around for backwards
capability for decades, no TLS today would be much better for the future of
the Internet than TLS with DES.

The inclusion of weak ciphers in TLS is really just a symptom of a much
more severe problem: the IETF is no longer under the control of the geeks.
Sound engineering is being replaced by "feel good" politics. 128 times
XOR, 128 bit IDEA, who cares how good the tech is. As long as we can tell
the customer we are standards compliant. [I know Jeff does not fall into
this category. He has done an admirable job. Perhaps nobody can forever
hold back the tide of political control over engineering].

--Lucky


On Fri, 25 Jun 1999, Jeffrey I. Schiller wrote:

> 
> Actually for the TLS crowd, going to DES is a step up. I presume that the
> TLS WG is planning to use DES to replace the RC4 40 bit cipher that was used
> for export compliance. Normally we would not profile a weak cipher for use
> in export applications. We made an exception for TLS/SSL because it was
> already widely deployed and it didn't make sense to have this battle (the
> export control vs. strong security) hold up the standardization process for
> it.
> 
> An interesting issue here is should we remove RC4 40 from TLS as a "price"
> for adding DES or should we require that both be removed before the next TLS
> document is published as a Proposed or Draft Standard. I would be interested
> in hearing people's opinions on this (though given the recipient list on
> this message, I have a pretty good idea what I am likely to hear!).

-- Lucky Green <[EMAIL PROTECTED]> PGP v5 encrypted email preferred.
