Re: Last Call: SMTP Service Extension for Secure SMTP over TLS to Proposed Standard

2001-07-27 22:51:16

>> There are three primary cryptographic changes between SSLv3 and
>
> at least one other significant change comes to mind - TLS requires
> implementation of TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA.

True, but this isn't a *cryptographic* change, it's simply a policy
change. SSLv3 included an equivalent cipher suite. 

In any case, I don't really see why this change is relevant to this
discussion: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is a must *implement*,
not a must *speak*. Since most servers have RSA certificates, even if
the implementation supports DSS ciphersuites, in practice the servers
do not. An implementation certainly cannot support only
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA and have any confidence
that it will be able to interoperate with other implementations
in practice.