At 11:18 AM 11/6/97 -0500, Rodney Thayer wrote:
My point is that TLS was ordered to use DSS/DH and 3DES rather than RSA and
RC4 as the MUST.
Quite true. The latest (and hopefully final) version of TLS has DSS/DH a
MUST and 3DES a MUST. Because there is no direct interoperability with
earlier versions of SSL, there are no SHOULDs, but there is a long list of
IDs so people will know the algorithm identifiers for other commonly used
algorithms like RSA.
Using encumbered algorithms as non-MUST algorithms is fine.
This is my understanding of the IESG's current thinking as well.
Analyzing 2026 to death rather than finding out what the IETF really does
is why I started this comment.
And it's quite right. The IESG has offered verbal guidance about how they
currently interpret RFC 2026, and that guidance boils down to (I think) "if
there is an unencumbered alternative, you may not require an encumbered
algorithm, but you may list it as a suggested one, particularly for
compatibilty with earlier work."
--Paul Hoffman, Director
--Internet Mail Consortium