Re: Last ditch proposal for crypto suites

[Eric Rescorla <ekr@rtfm.com>]

Paul Koning <pkoning@equallogic.com> writes:

> >>>>> "Hilarie" == The Purple Streak <The> writes:
> 
>  Hilarie> I think the original argument against suites came from
>  Hilarie> observing how many SSL had.
> 
> True, but in practice only about one was implemented... :-)
Pretty much all msjor implementations support:

RSA*RC4*{MD5,SHA}
RSA*{DES,3DES}*SHA

And this will soon include AES.

> At least 75% of that quantity comes from obsolete political
> considerations. If you delete all "*export*" and all DES and DES40
> suites, the list is pretty small.
I'm not sure what you mean by political considerations.

The only political considerations I know of in the original
SSLv3 documents were the export cipher suites. There were
perfectly good reasons to have DES, 3DES, and RC4 (though
the reasons for DES are diminished by AES). 

I suspect you may be referring to the DH/DSS cipher suites
as well. I don't know for sure why those were there, but
I don't believe that it was in fact political, since it
was done before DH/DSS went royalty free and Netscape
had an RSA license anyway.

-Ekr



-- 
[Eric Rescorla                                   ekr@rtfm.com]
                http://www.rtfm.com/