Nico Williams <n...@cryptonector.com> writes:

>I'd go further: this could be the start of the end of the cipher suite 
>cartesian product nonsense in TLS.  Just negotiate {cipher, mode} and key 
>exchange separately, or possibly cipher, mode, and key exchange, in just the 
>same way as you propose negotiation of encrypt-then-MAC.

Nonononono, we learned from the IKE mess that the Chinese-menu approach is 
vastly worse than the cipher-suite one.  TLS has already tried the 
Chinese-menu approach to algorithms in TLS 1.2's ECC stuff, and it's at least 
as big a mess as IKE was (well, OK, I don't think anything can quite reach the 
IKE level, but it's getting there), which is why I had to write this:

http://tools.ietf.org/html/draft-gutmann-tls-eccsuites-03

The problem with the cipher-suite explosion is that people want to throw in 
vast numbers of pointless vanity suites and algorithms that no-one will ever 
use (to quote Ian Grigg, "There is only one cipher suite and that is suite 
#1").  Even for the ECC draft above, which is an attempt to unravel the mess 
created by the Chinese-menu approach, I had requests to add all sorts of 
vanity suites with no clear application, but people just wanted them anyway 
(I've resisted so far, since the whole intent of the draft is to define a 
fixed number of universal-standard suites that everyone supports).

What we really need is a two-way mechanism, a minimal interoperable set of 
suites that everything does and then a free-for-all negotiation mechanism that 
anyone who wants can implement to their heart's content and everyone else is 
free to ignore (I'm a firm believer in "you asked for it, you got it" design, 
if anyone wants the freedom to create a mess built into a standard then they 
can take care of it themselves).  This is a purely political/fashion problem, 
not a technical one.

Peter.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography