Has anyone sent a query to Win Treese <[EMAIL PROTECTED]> [TLS WG chair] and perhaps the area directors looking for guidance?
The TLS Protocol Version 1.0 is in the process of being re-issued:

  http://www.ietf.org/internet-drafts/draft-ietf-tls-rfc2246-bis-01.txt

and clearly this problem should be addressed in that document and by the working group. If this has not already been brought to their attention, let me know and I will do so.

- Jeff

> Hmm, there's a problem that hasn't been addressed at all by the
> IETF. SSLv3 contains the following as part of its ciphersuite:
>
>     The final cipher suites are for the FORTEZZA token.
>
>     CipherSuite SSL_FORTEZZA_KEA_WITH_NULL_SHA = { 0X00,0X1C };
>     CipherSuite SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = { 0x00,0x1D };
>     CipherSuite SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = { 0x00,0x1E };
>
> Please note how the last one clashes with the first of the KRB5
> suite. Also, when one looks at RFC 2246 (TLS), there's this note at
> the end of section A.5:
>
>     Note: The cipher suite values { 0x00, 0x1C } and { 0x00, 0x1D } are
>     reserved to avoid collision with Fortezza-based cipher suites in
>     SSL 3.
>
> which indicates that SSL_FORTEZZA_KEA_WITH_RC4_128_SHA was not
> considered or entirely dropped. Still a clash, and I honestly
> wouldn't have any idea on what to do with this.
>
> If it wasn't for this, I'd apply the needed changes immediately. As
> it is now, I'd like to see this issue cleared first.
>

Jeffrey Altman * Sr.Software Designer      Kermit 95 2.0 GUI available now!!!
The Kermit Project @ Columbia University   SSH, Secure Telnet, Secure FTP, HTTP
http://www.kermit-project.org/             Secured with MIT Kerberos, SRP, and
[EMAIL PROTECTED]                          OpenSSL.
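The code point clash discussed in this thread can be checked mechanically. The following is an added example, not part of the original message or of OpenSSL: it parses cipher suite definitions in the spec syntax quoted above, reports code points claimed by more than one suite, and lists SSLv3 values the RFC 2246 note does not reserve. The two Kerberos entries are an assumption taken from RFC 2712 (the message does not quote them), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Definitions as quoted in the message (spec syntax, with its mixed 0X/0x prefixes).
SSL3_FORTEZZA = """
CipherSuite SSL_FORTEZZA_KEA_WITH_NULL_SHA = { 0X00,0X1C };
CipherSuite SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = { 0x00,0x1D };
CipherSuite SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = { 0x00,0x1E };
"""

# Assumption: first two Kerberos suites as assigned in RFC 2712 (not quoted in the message).
TLS_KRB5 = """
CipherSuite TLS_KRB5_WITH_DES_CBC_SHA = { 0x00,0x1E };
CipherSuite TLS_KRB5_WITH_3DES_EDE_CBC_SHA = { 0x00,0x1F };
"""

# Values reserved by the RFC 2246 section A.5 note quoted in the message.
RFC2246_RESERVED = {(0x00, 0x1C), (0x00, 0x1D)}

DEF_RE = re.compile(
    r"CipherSuite\s+(\w+)\s*=\s*\{\s*(0[xX][0-9a-fA-F]{2})\s*,"
    r"\s*(0[xX][0-9a-fA-F]{2})\s*\}\s*;"
)

def parse_suites(text):
    """Return {name: (hi, lo)} for every CipherSuite definition in text."""
    return {m.group(1): (int(m.group(2), 16), int(m.group(3), 16))
            for m in DEF_RE.finditer(text)}

def find_collisions(*tables):
    """Map each code point claimed by more than one name to the sorted names."""
    owners = defaultdict(set)
    for table in tables:
        for name, code in table.items():
            owners[code].add(name)
    return {code: sorted(names) for code, names in owners.items() if len(names) > 1}

def unreserved_ssl3_points(ssl3, reserved):
    """SSLv3 code points that the TLS reservation note does not cover."""
    return sorted(code for code in ssl3.values() if code not in reserved)

if __name__ == "__main__":
    ssl3, krb5 = parse_suites(SSL3_FORTEZZA), parse_suites(TLS_KRB5)
    for (hi, lo), names in find_collisions(ssl3, krb5).items():
        print(f"{{0x{hi:02X},0x{lo:02X}}} claimed by: {', '.join(names)}")
    for hi, lo in unreserved_ssl3_points(ssl3, RFC2246_RESERVED):
        print(f"{{0x{hi:02X},0x{lo:02X}}} used by SSLv3 but not reserved in RFC 2246")
```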
