On 02/12/2013 12:42 AM, Nico Williams wrote: > On Mon, Feb 11, 2013 at 6:23 PM, Stephen Farrell > <stephen.farr...@cs.tcd.ie> wrote: >> On 02/12/2013 12:04 AM, Peter Gutmann wrote: >>> The problem with the cipher-suite explosion is that people want to throw in >>> vast numbers of pointless vanity suites and algorithms that no-one will ever >>> use >> >> On balance I think the ciphersuite approach is slightly better >> at being a slight counter to inevitable feature/cipher creep. > > The ability to give an answer like "we can't add your vanity cipher > suite because of cartesian explosion" seems like a weak justification > for the cartesian explosion approach.
Yep. (Notice the 2 x "slight" above:-) > > If we want a policy of limiting what cipher suites we allocate > codepoints to then we should have an *explicit* policy, and we should > not wimp out when it comes time to enforcing it. > > But I don't think we have such a policy at the IETF. Right. And IETF policy is set by IETF participants. If you'd like that to change, I'd say start on the saag list. > The IETF policy > regarding vanity cipher suites can be described as "following some > sturm und drang you'll get to have it, but only as OPTIONAL, described > in an Informational RFC." > > Given the de facto policy at the IETF cartesian explosion is just > silly -- so much foot self shooting. Let's stop. > >> It does at least cause people to pause when they are about to >> ask for another 96 ciphersuites as happened with certicom. >> >> I also agree that only a very very few of the 320 or so TLS >> ciphersuites are useful. The rest are just a PITA as far as I >> can see. (Yes, 320. Sigh. [1]) > > So how well did cartesian explosion work as an implicit anti-vanity > cipher suite policy work then? Not very well, evidently! :) Well, we don't know that. It might have been worse. > But I suspect that that was not the rationale way, way back when, back > when cartesian explosion was selected. The vanity cipher suite > disincentive rationalization strikes me as a post-hoc one, and it > doesn't work anyways. Its not a rationalization. I said "its slightly less bad" not "that's why it was done." I wasn't involved in SSL when that decision was made and have had little involvement in TLS at all really. But again, good ideas for helping improve things here would be welcomed. (Oh, but its the IETF, so someone else will also hate that same idea, but that's part of the beauty of going out and meeting folk:-) S. > > Please, let's go for an a-la-carte system. > > Nico > -- > > _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
