ietf-nntp TLS cipher renegotiation to NULL cipher

Ken Murchison ken at oceana.com
Wed Feb 12 12:55:21 PST 2003


Russ Allbery wrote:
> 
> The problems with this working group have not actually been with this sort
> of thing.  Our charter is very specific, and the working group is in
> general pretty good at ignoring people who keep trying to bring up issues
> outside our charter.  The delay has more been due to human resources in
> getting things written up and added to the draft.

Ok.  That's fair, but...  (not wanting to dig up any skeletons, but
curious)

Didn't Stan start working on the base draft at least 5 years ago?  That
seems like an awful long time for an update to an existing protocol.  I
doubt that Stan was _that_ slow in making updates.  In fact, I attended
the nntpext IETF meeting in Pittsburgh (2 1/2 years ago) and I got the
impression that Stan worked his butt off on this thing.



> I don't think there are any outstanding issues preventing the AUTHINFO and
> TLS draft or drafts from being published as I-Ds.  After all, an I-D is a
> working document and will change later.  I certainly don't mind having the
> first I-D published without talking about cipher downgrades and adding
> that in later, if it seems worthwhile from implementation.

Couldn't agree more.  That was the point I was trying to make, while
trying not to get _too_ worked up :)


> Andrew's hard data makes me think that it's more likely than not to be an
> issue, though.


That might be true.  I'm curious how these numbers would change if the
client (are we talking end users or peers?) used session resumption
and/or compression.

But let's wait on that discussion until after we get some code to test
with.

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp


