Re: [TLS] Issue 56: AES as MTI

Russ Housley <housley@vigilsec.com> Fri, 14 September 2007 23:34 UTC

Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IWKgL-0005za-5F; Fri, 14 Sep 2007 19:34:41 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IWKgJ-0005zT-6t for tls@ietf.org; Fri, 14 Sep 2007 19:34:39 -0400
Received: from woodstock.binhost.com ([66.150.120.2]) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1IWKgI-0007p7-1d for tls@ietf.org; Fri, 14 Sep 2007 19:34:39 -0400
Received: (qmail 29029 invoked by uid 0); 14 Sep 2007 23:34:29 -0000
Received: from unknown (HELO THINKPADR52.vigilsec.com) (96.231.48.203) by woodstock.binhost.com with SMTP; 14 Sep 2007 23:34:29 -0000
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Fri, 14 Sep 2007 19:34:33 -0400
To: Eric Rescorla <ekr@networkresonance.com>, Nelson B Bolyard <nelson@bolyard.com>
From: Russ Housley <housley@vigilsec.com>
Subject: Re: [TLS] Issue 56: AES as MTI
In-Reply-To: <20070914214358.27C8633C21@delta.rtfm.com>
References: <20070912231150.ED1D533C21@delta.rtfm.com> <65C7072814858342AD0524674BCA2CDB0D2E6E3E@rsana-ex-hq2.NA.RSA.NET> <20070912232636.2B5FE33C21@delta.rtfm.com> <5E75C29FF611C298B79DC0E1@[10.1.110.5]> <46EAF8E2.8090202@bolyard.com> <20070914214358.27C8633C21@delta.rtfm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: ea4ac80f790299f943f0a53be7e1a21a
Cc: Chris Newman <Chris.Newman@Sun.COM>, tls@ietf.org, "Yee, Peter" <pyee@rsasecurity.com>
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
Message-Id: <E1IWKgL-0005za-5F@megatron.ietf.org>

This has always been the case.  It ensures that there is a 
ciphersuite that can be negotiated between all implementations 
(unless it is explicitly turned off by policy controls).

Russ


At 05:43 PM 9/14/2007, Eric Rescorla wrote:
>At Fri, 14 Sep 2007 14:10:58 -0700,
>Nelson B Bolyard wrote:
> >
> > Chris Newman wrote:
> > > As far as I can tell, the real-world MTI for SSL/TLS as deployed is
> > > RC4.  I dislike it when the real world MTI and the specified MTI differ
> > > and the specification fails to explain the difference.
> >
> > I think the RFC does not need a Mandatory Cipher Suite.
>
>I don't believe that that's on the table. As I understand IESG
>policy, it's that there must be a Mandatory To Implement cipher
>suite. Tim? Sam?
>
>-Ekr
>
>
>_______________________________________________
>TLS mailing list
>TLS@lists.ietf.org
>https://www1.ietf.org/mailman/listinfo/tls


_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls