-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Eric Rescorla wrote:
Will Price <wprice(_at_)cyphers(_dot_)net> writes:
Another important point about backwards compatibility: the
current OpenPGP/TLS draft already has well over a million
deployed clients. Every PGP client since I believe 6.0.0
(September 1998) supports PGPtls as described in the draft, and
every PGP Keyserver since that time period also supports PGPtls.
I don't find this argument very convincing. You implement things
that are Internet-Drafts at your own risk. That's why every I-D
has a disclaimer at the top. If popularity were the criterion
for standardization, we could disband the IETF and just wait
for Microsoft to tell us what the standard was.
We published the draft, then we implemented, then we published code.
This is standard procedure for anybody in the IETF. Implementations
and implementation experience are critical factors in the WG, and if
they could be ignored then TLS/SSL would be quite different today I'm
sure you'll admit.
In addition to ignoring all the fielded uses and implementations
of OpenPGP/TLS, Nikos' proposed changes also suffer from the
dependency problem on the TLSEXT draft,
This is a feature not a bug.
Definitely seems like a bug to me. When I originally designed this,
it was clear that TLS should have had a standard way of choosing a
certificate type much like IKE does. I believe I raised this issue on
the list at the time and the response of the list was IIRC muted
agreement, but there were no plans for a new version of the TLS draft
so it wasn't a discussion that was going to go anywhere. The others I
spoke with in the WG felt that using the cipher suite field was the
way to go.
Writing a draft for a new certificate type which defines an impromptu
technique for how to negotiate an OpenPGP certificate type is clearly
not the way to go. TLS should always have had a certificate type
field built-in. Were TLS to have such a standardized method, the
OpenPGP/TLS draft should be modified to adopt that.
However, it's not particularly important that such a method be
developed. No more than 2 perhaps 3 certificate types will survive
into the future, so that doesn't appear to be a serious concern.
Worrying about running out of 16 bit space for cipher suites is
unnecessary to me. We should now and should always have been
conservative about which cipher suites get assigned numbers. No more
than 20 cipher suites are in active use today, and going forward into
the future I expect those to change but the overall number of
actively used cipher suites will get smaller converging on the
popular few.
- -- Will
Will Price, Director of Engineering
PGP Security, Inc.
a division of Network Associates, Inc.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1.1
iQA/AwUBPEePtay7FkvPc+xMEQLJ2ACg5/R+TIlgEpWe4hZOQbjjodFNfyYAn0A8
hskbpVu9J97s/Orw23zs3yzB
=Kv8s
-----END PGP SIGNATURE-----