Re: so why is IETF stilling adding DES to protocols? (Re: It's official... DES is History)

Fri, 25 Jun 1999 09:41:45 -0700 

In <[EMAIL PROTECTED]>,
on 06/25/99 
   at 08:22 AM, Lucky Green <[EMAIL PROTECTED]> said:

>IMNSHO,
>DES or RC4-40 have no business being in any IETF standard. If that means
>there won't be an IETF standard, fine. And if that means that deployment
>of a known insecure technology will be slowed due to lack of
>standatization, better still. Considering the alternative, a "security"
>architecture designed to be be weak that will remain around for backwards
>capability for decades, no TLS today wold be much better for the future
>of the Internet than TLS with DES.

>The inclusion of weak ciphers in TLS is really just a symptom of a much
>more severe problem: the IETF is no longer under the control of the
>geeks. Sound engineering is being replaced by "feel good" politics. 128
>times XOR, 128 bit IDEA, who cares how good the tech is. As long as we
>can tell the customer we are standards compliant. [I know Jeff does not
>fall into this category. He has done an admirable job. Perhaps nobody can
>forever hold back the tide of politcial control over engineering].

I think there is something even more troubling, allowing Netscape &
Micky$loth control the standardization process. These two companies have
historically ignored, modified, & bastardized standards to fit their own
goals. They will continue to do so in the future. It really does not
matter to them what is written in the RFC's, because at the first
opportune moment, they will ignore them. In the area of security, it is
quite clear that they are much more concerned with product sales than
their customers security.

The IETF should do the right thing here and not give aid and comfort to
these companies who are trying to use the standards process to increase
sales at the expense of their customers.

-- 
---------------------------------------------------------------
William H. Geiger III  http://www.openpgp.net
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii

Hi Jeff!! :)
---------------------------------------------------------------

Reply via email to