Re: [TLS] TLS 1.2 draft comments
EKR <ekr@networkresonance.com> Sun, 31 December 2006 16:38 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1H13hW-00023O-K7; Sun, 31 Dec 2006 11:38:22 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H13hV-00022V-Pm for tls@ietf.org; Sun, 31 Dec 2006 11:38:21 -0500
Received: from c-69-181-78-47.hsd1.ca.comcast.net ([69.181.78.47] helo=delta.rtfm.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H13hU-0003UV-Fi for tls@ietf.org; Sun, 31 Dec 2006 11:38:21 -0500
Received: by delta.rtfm.com (Postfix, from userid 1001) id 1C86A1CC61; Sun, 31 Dec 2006 08:37:04 -0800 (PST)
To: Omirjan Batyrbaev <batyr@sympatico.ca>
Subject: Re: [TLS] TLS 1.2 draft comments
References: <BAY103-DAV17E2A403A0F53177A5D23792C50@phx.gbl> <868xgp594m.fsf@delta.rtfm.com> <BAY103-DAV18B3EF60CDF312016ABCF892C40@phx.gbl> <000701c72cf4$3f171c30$07ae5e41@pbo8f8e10aowa>
From: EKR <ekr@networkresonance.com>
Date: Sun, 31 Dec 2006 08:37:03 -0800
In-Reply-To: <000701c72cf4$3f171c30$07ae5e41@pbo8f8e10aowa> (Omirjan Batyrbaev's message of "Sun, 31 Dec 2006 10:56:34 -0500")
Message-ID: <86slew10pc.fsf@delta.rtfm.com>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.4.19 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Score: 0.2 (/)
X-Scan-Signature: e1e48a527f609d1be2bc8d8a70eb76cb
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: EKR <ekr@networkresonance.com>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
"Omirjan Batyrbaev" <batyr@sympatico.ca> writes: >> 2. CIPHERSPEC, EXPORT >> >> If the 40-bit export ciphersuites are being deprecated, > > But some constrained enviroments do need 40-bit "export" ciphersuites. I'm not aware of any such environment. Can you please name them? > Besides since the NULL encryption ciphersuites exist why can't 40-bit > "export" ciphersuites exist too? Because there's no good reason for them to exist and the key weakening primitive adds substantial complexity to the protocol. > If needed the TLS client and server always > can neogtiate a stronger encryption so why the depreciation (and what it > would exactly mean to the implementations). Here's the relevant text from 4346. So, actually, they're already deprecated. When SSLv3 and TLS 1.0 were designed, the United States restricted the export of cryptographic software containing certain strong encryption algorithms. A series of cipher suites were designed to operate at reduced key lengths in order to comply with those regulations. Due to advances in computer performance, these algorithms are now unacceptably weak, and export restrictions have since been loosened. TLS 1.1 implementations MUST NOT negotiate these cipher suites in TLS 1.1 mode. However, for backward compatibility they may be offered in the ClientHello for use with TLS 1.0 or SSLv3-only servers. TLS 1.1 clients MUST check that the server did not choose one of these cipher suites during the handshake. These ciphersuites are listed below for informational purposes and to reserve the numbers. -Ekr _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] TLS 1.2 draft comments home_pw
- Re: [TLS] TLS 1.2 draft comments EKR
- Re: [TLS] TLS 1.2 draft comments home_pw
- Re: [TLS] TLS 1.2 draft comments EKR
- Re: [TLS] TLS 1.2 draft comments home_pw
- Re: [TLS] TLS 1.2 draft comments Omirjan Batyrbaev
- Re: [TLS] TLS 1.2 draft comments EKR
- Re: [TLS] TLS 1.2 draft comments EKR
- Re: [TLS] TLS 1.2 draft comments Omirjan Batyrbaev
- Re: [TLS] TLS 1.2 draft comments EKR
- Re: [TLS] TLS 1.2 draft comments home_pw