Nico Williams <n...@cryptonector.com> writes:

>I'd go further: this could be the start of the end of the cipher suite
>cartesian product nonsense in TLS. Just negotiate {cipher, mode} and key
>exchange separately, or possibly cipher, mode, and key exchange, in just the
>same way as you propose negotiation of encrypt-then-MAC.

Nonononono, we learned from the IKE mess that the Chinese-menu approach is vastly worse than the cipher-suite one. TLS has already tried the Chinese-menu approach to algorithms in TLS 1.2's ECC stuff, and it's at least as big a mess as IKE was (well, OK, I don't think anything can quite reach the IKE level, but it's getting there), which is why I had to write this:

http://tools.ietf.org/html/draft-gutmann-tls-eccsuites-03

The problem with the cipher-suite explosion is that people want to throw in vast numbers of pointless vanity suites and algorithms that no-one will ever use (to quote Ian Grigg, "There is only one cipher suite and that is suite #1"). Even for the ECC draft above, which is an attempt to unravel the mess created by the Chinese-menu approach, I had requests to add all sorts of vanity suites with no clear application, but people just wanted them anyway (I've resisted so far, since the whole intent of the draft is to define a fixed number of universal-standard suites that everyone supports).

What we really need is a two-way mechanism, a minimal interoperable set of suites that everything does and then a free-for-all negotiation mechanism that anyone who wants can implement to their heart's content and everyone else is free to ignore (I'm a firm believer in "you asked for it, you got it" design, if anyone wants the freedom to create a mess built into a standard then they can take care of it themselves). This is a purely political/fashion problem, not a technical one.

Peter.