ietf-nntp TLS cipher renegotation to NULL cipher

Russ Allbery rra at stanford.edu
Wed Feb 12 12:13:04 PST 2003 

Ken Murchison <ken at oceana.com> writes:

> It appears from the incredible pace at which the other workproducts of
> the NNTP related WGs are proceeding, that there tends to be a habit of
> trying to find solutions to problems that don't yet exist or
> bickering/obsessing on details that can be resolved after testing. Let's
> not do that here.  Also, blindly dismissing the advice of others that
> have been there and done that (eg, IMAP, SMTP, POP) will probably
> continue to stunt progress of this WG and/or make it difficult to get
> anything past the IETF/IESG.

The problems with this working group have not actually been with this sort
of thing.  Our charter is very specific, and the working group is in
general pretty good at ignoring people who keep trying to bring up issues
outside our charter.  The delay has more been due to human resources in
getting things written up and added to the draft.

Right now, Clive is working on merging all of our pending changes into the
draft and changing formats to RFC 2629.  This is work that's going to be
fairly silent for a little while, but then we should be able to bring the
base draft to a conclusion fairly quickly.  We're essentially done; we
just need to hammer out some formatting and structure issues and adopt
final HDR and OVER wording, and we're all set for last call.

> Now, lets get some friggin' drafts out the door and get some
> implementations to test with.  Cyrus is already done, I just need some
> text to be compliant with.  Rome wasn't built in a day, but they sure as
> shit laid a few bricks once in a while.

I don't think there are any outstanding issues preventing the AUTHINFO and
TLS draft or drafts from being published as I-Ds.  After all, an I-D is a
working document and will change later.  I certainly don't mind having the
first I-D published without talking about cipher downgrades and adding
that in later, if it seems worthwhile from implementation.

Andrew's hard data makes me think that it's more likely than not to be an
issue, though.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

More information about the ietf-nntp mailing list