ietf-openpgp

Re: [ietf-tls] Re: Fw: using openpgp with tls

2002-01-17 22:11:08

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Eric Rescorla wrote:
> Will Price <wprice(_at_)cyphers(_dot_)net> writes:
>> History shows that is not actually true. For instance, TLS is
>> almost identical to SSL. Why is this? Is it because
>> "implementation experience" showed that SSL was simply the One
>> True Way to write a transport security protocol? No. It's because
>> there was a large SSL installed base of which the TLS designers
>> wanted to take advantage, and thus the more identical the protocol
>> was the more it would be accepted.
> Funny, I think of the TLS experience the opposite way: Despite
> the fact that SSL had an enormous installed base TLS is
> incompatible with SSL.
>
>> From an implementation experience point of view, I would say
>> that the last four years have demonstrated the cipher suite space
>> issue is not an issue, and the "we're going to run out of space"
>> argument is the only one made to defend this negotiation proposal
>> which depends on an extension proposal.
> No. Even in the absence of the cipher suite depletion argument,
> your approach would be a clumsy hack. Orthogonality is a good
> thing.

Orthogonality?  Like the orthogonality of lumping the cipher type,
key length, hash type, key exchange type, and export status into one
sixteen bit number?  I don't think so. Sorry, that argument doesn't
fly in the context of TLS. The Orthogonality to the Nth degree
doorway is in the IPsec WG.

For TLS 1.0, the cipher suite remains the right place to put this.
What we wanted in 1998, and what we still want today is a TLS 1.1
which has a field for the certificate type.

I think we both agree in principle that certificate type should have
had its own field. The difference is that you're willing to ditch
backwards compatibility and change OpenPGP/TLS to include its own
clumsy hack for specifying the certificate type and depend on yet
another draft, whereas we've done things the TLS 1.0 way in TLS 1.0
and would support fixing the protocol itself in a future rev.

-- Will

Will Price, Director of Engineering
PGP Security, Inc.
a division of Network Associates, Inc.


