[NNTP] Re: Comments on draft-ietf-nntp-tls-nntp-05.txt
Russ Allbery
rra at stanford.edu
Tue May 24 12:03:58 PDT 2005
EKR <ekr at networkresonance.com> writes:

> Sure, but now we're into the "is this a worthwhile optimization" phase.

Right, understood. I do agree that that's a question to ponder.

> There's a substantial complexity cost to having SSL/TLS implementations
> rehandshake. If you just wanted to do NULL all the time, I'd have no
> real argument with that. It's the desire to negotiate RC4 (or whatever)
> and then back down to NULL that I think needs to be supported with
> measurements.

That makes sense. I don't think that down-negotiation is the approach
that anyone really wants; what we want is widespread deployment of a SASL
mechanism that encrypts the password but still sends it. Unfortunately,
widespread deployment of any new SASL mechanism takes a long time (for
good reasons). However, widespread deployment of TLS down-negotiation is
probably also not likely to happen quickly, so maybe that doesn't actually
help.

--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>