Forwarding this message from ietf-tls.

As mentioned before, I agree with the suggested fix (do not use this ciphersuite).

Andreas.

-------- Original Message --------
Subject: [ietf-tls] Re: Ciphersuite 0x00 0x1e
Date: Fri, 09 Aug 2002 19:21:33 +0000
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: IETF Transport Layer Security WG <[EMAIL PROTECTED]>
To: IETF Transport Layer Security WG <[EMAIL PROTECTED]>

-----BEGIN PGP SIGNED MESSAGE-----

Andreas Sterbenz wrote:
 > The SSL 3.02 spec (http://wp.netscape.com/eng/ssl3/draft302.txt) defines
 > it as SSL_FORTEZZA_KEA_WITH_RC4_128_SHA whereas RFC 2712 calls it
 > TLS_KRB5_WITH_DES_CBC_SHA. Presumably the cause is that an earlier
 > version of the SSL v3 spec
 > (http://wp.netscape.com/eng/ssl3/4-APPN.HTM#A-6) did not include this
 > ciphersuite.
 >
 > Does the WG have any suggestions as to how to resolve this conflict?

Yes: deprecate this ciphersuite ID (i.e. say that clients SHOULD NOT
include it in the client hello list). It's only single-DES, anyway.

- --
David Hopwood <[EMAIL PROTECTED]>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip




______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
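
The fix suggested in the thread above (clients should not list 0x00,0x1E in the client hello) can be checked mechanically. The following is an added example, not code from the original messages or from OpenSSL; the function names and the sample builder are hypothetical, and it assumes a single unfragmented SSL 3.0/TLS-format ClientHello record rather than an SSLv2-compatible hello.

```c
#include <stddef.h>
#include <string.h>

#define AMBIGUOUS_SUITE 0x001E /* the ID with two conflicting definitions */

/* Position of 0x00,0x1E in the ClientHello cipher_suites list, -1 if it is
 * not offered, -2 if the buffer is truncated or is not a ClientHello. */
int find_ambiguous_suite(const unsigned char *rec, size_t len)
{
    size_t off = 9 + 2 + 32, sid_len, cs_len, i;
    /* record: type(1) version(2) length(2); handshake: type(1) length(3) */
    if (len < off + 1 || rec[0] != 0x16 || rec[5] != 0x01)
        return -2;
    sid_len = rec[off++];              /* after client_version and random */
    if (sid_len > 32 || off + sid_len + 2 > len)
        return -2;
    off += sid_len;
    cs_len = ((size_t)rec[off] << 8) | rec[off + 1];
    off += 2;
    if (cs_len % 2 != 0 || off + cs_len > len)
        return -2;
    for (i = 0; i < cs_len; i += 2)
        if (((rec[off + i] << 8) | rec[off + i + 1]) == AMBIGUOUS_SUITE)
            return (int)(i / 2);
    return -1;
}

/* Constructed sample input: a minimal SSL 3.0 ClientHello record (zero
 * random, empty session id, null compression) offering the given suites. */
size_t build_hello(unsigned char *out, const unsigned short *suites, size_t n)
{
    size_t body = 2 + 32 + 1 + 2 + 2 * n + 2, off = 9 + 2 + 32 + 1, i;
    memset(out, 0, 9 + body);
    out[0] = 0x16; out[1] = 3;                       /* handshake record, 3.0 */
    out[3] = (unsigned char)((body + 4) >> 8);
    out[4] = (unsigned char)(body + 4);
    out[5] = 0x01;                                   /* client_hello */
    out[7] = (unsigned char)(body >> 8);
    out[8] = (unsigned char)body;
    out[9] = 3;                                      /* client_version 3.0 */
    out[off++] = (unsigned char)((2 * n) >> 8);
    out[off++] = (unsigned char)(2 * n);
    for (i = 0; i < n; i++) {
        out[off++] = (unsigned char)(suites[i] >> 8);
        out[off++] = (unsigned char)suites[i];
    }
    out[off++] = 1;                                  /* one method: null (0) */
    return off + 1;
}
```

A non-negative return value means the hello offers the conflicting ID and the client's cipher list should be changed to drop it.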
