In <[EMAIL PROTECTED]>, on 06/25/99
at 10:29 AM, "Jeffrey I. Schiller" <[EMAIL PROTECTED]> said:
>Ben Laurie wrote:
>> OpenSSL has them disabled by default. But I am torn on this question:
>> these new ciphersuites give greater strength than existing ones when
>> interopping with export stuff. Is it sensible to refuse to add stronger
>> ciphersuites? If it isn't, because they are crap, should we (the OpenSSL
>> team) disable _all_ export ciphersuites?
>Speaking as a user of OpenSSL... Today I can accept RC4-40 connection on
>my servers from export browsers. For many of my applications, this is a
>sufficient level of security (I refuse RC4-40 in applications where it is
>important). As the export browsers migrate to DES, I want to be able to
>accept them. After all, this would be an improvement. If OpenSSL were to
>remove support for RC4-40 and DES, I would have to find another solution.
>Refusing the connections is just not an option from a business
>perspective. There it is.
Perhaps you would do those that are connecting with weak, broken crypto a
service if you pointed them to http://www.replay.com and instructed them
to fortify their web browsers. Or even better yet point them to
http://www.operasoftware.com/ for a web browser that uses strong crypto
and is developed outside of the US so it doesn't have these stupid export
issues (though PGP has shown the way on how US companies can export their
crypto products without compromising the security of their customers).
There is no reason to use this kind of crypto and you are doing your
customers a disservice by doing so. It has been long held that bad
security was worse than no security at all because it gave the user a
false sense of security. If the data is important enough to encrypt, then
it is important enough to use full strength crypto, otherwise let them
send it in the clear, at least they will not have any illusions on the
security of their data.
>Now blessing DES and RC4-40 from a standards perspective is another
>matter. I will have discussions with the TLS Working Group about whether
>or not it is appropriate to continue to include them in the standard. I
>know people on this list would probably love to hear me state that I
>would refuse to approve new versions if they included them. However for
>me to make such a prejudicial statement is probably not appropriate until
>I have a chance to have a discussion with the working group itself. You
>can guess my sympathies!
Single DES, RC4-40, or any other weak crypto has no place in the IETF
standards. I though these kind of issues were put to rest during the
S/MIME debate. Now I see them rearing their ugly head again. If Netscape &
Microsoft are allowed to control the standard process, it will not be long
before there are no standards but their own.
--
---------------------------------------------------------------
William H. Geiger III http://www.openpgp.net
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii
Hi Jeff!! :)
---------------------------------------------------------------
