
List:       ietf-tls
Subject:    RE: [TLS] Status of IDEA and single-DES (ticket #64)
From:       <Pasi.Eronen () nokia ! com>
Date:       2008-01-24 11:10:52
Message-ID: B356D8F434D20B40A8CEDAEC305A1F240528D0D6 () esebe105 ! NOE ! Nokia ! com

Nelson B Bolyard wrote:

> Pasi.Eronen@nokia.com wrote, On 2008-01-22 00:41:
> 
> > (2) Keep IDEA and single-DES in the TLS 1.2 main specification,
> > but include a short advice along the lines described above.
> 
> I strongly prefer that choice.
> 
> If we say "MUST NOT" or even merely remove the definitions of those
> suites from TLS 1.2, then interoperability problems will certainly
> arise.  Servers will be created that reject client hellos that contain
> those cipher suite numbers, even if those hellos also include other
> cipher suite numbers that are acceptable.

Well, TLS 1.2 is *not* the master list of cipher suites, so if
servers reject client hellos that contain ciphers not listed
in TLS 1.2 spec, they will also break with clients that implement 
e.g. RFC 2712, 4132, 4162, 4279, 4492, 4785, or 5054.

(And option 1 wasn't proposing merely removing these suites from 
TLS 1.2 spec; it also included creating a new spec to contain
them.)

> I'd even go so far as to suggest that text be added stating that
> compliant TLS 1.2 implementations MUST NOT reject client hellos
> simply because those client hellos contain cipher suite numbers that
> are deprecated, or undefined in TLS 1.2, or are "MUST NOT" (as in
> export cipher suites) for TLS 1.2.  If no acceptable cipher suite is
> found, that's a problem but no server should ever reject a client
> hello simply because it contains one or more cipher suite numbers
> that are unpopular.
> 
> (Yes, I have seen servers that actually do that.)

I have to agree with Paul's comment about "new levels of cluelessness
among developers" here -- IMHO that behavior isn't compliant with the
spec even with the current text.

However, if you've actually seen that, then perhaps adding some
clarifying text would be in order. How about adding something along 
these lines, to the end of paragraph starting "The CipherSuite list.."
in 7.4.1.2:

   If the list contains cipher suites the server does not recognize,
   support, or wish to use, the server MUST ignore those cipher
   suites, and process the remaining ones as usual.

Best regards,
Pasi 
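
The server behaviour proposed above for 7.4.1.2, as an added example that is not part of the original message or of any TLS implementation: a parser for the ClientHello cipher_suites vector, a selector that ignores unrecognized suites, and the rejecting behaviour the thread describes for contrast. The server's suite list, its server-preference selection order, and the sample vector are constructed assumptions.

```python
import struct

# Assumption: suites this hypothetical server will negotiate, in its own
# preference order (RSA key exchange with AES-256, AES-128, 3DES; CBC, SHA).
SERVER_SUITES = [0x0035, 0x002F, 0x000A]

# Constructed sample cipher_suites vector: an RFC 4492 ECDHE suite (0xC013),
# IDEA (0x0007), single-DES (0x0009), then AES-128 (0x002F).
CLIENT_VECTOR = struct.pack("!H4H", 8, 0xC013, 0x0007, 0x0009, 0x002F)


class HandshakeFailure(Exception):
    """No acceptable cipher suite in common."""


def parse_cipher_suites(vector):
    """Decode cipher_suites: uint16 byte length, then uint16 suite numbers."""
    if len(vector) < 2:
        raise ValueError("truncated cipher_suites vector")
    (length,) = struct.unpack_from("!H", vector, 0)
    body = vector[2:]
    if length != len(body) or length < 2 or length % 2:
        raise ValueError("malformed cipher_suites vector")
    return [suite for (suite,) in struct.iter_unpack("!H", body)]


def select_suite(offered):
    """Ignore suites the server does not recognize, support, or wish to use,
    and process the remaining ones as usual."""
    offered_set = set(offered)
    for suite in SERVER_SUITES:
        if suite in offered_set:
            return suite
    # Only an empty intersection is an error, never an unknown number.
    raise HandshakeFailure("no acceptable cipher suite offered")


def select_suite_rejecting(offered):
    """The behaviour reported in the thread: the whole hello is refused
    because it contains a suite number the server does not like."""
    unknown = [s for s in offered if s not in SERVER_SUITES]
    if unknown:
        raise HandshakeFailure("hello contains suite 0x%04X" % unknown[0])
    return select_suite(offered)


if __name__ == "__main__":
    offered = parse_cipher_suites(CLIENT_VECTOR)
    print("selected: 0x%04X" % select_suite(offered))
```
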

