[3936] in cryptography@c2.net mail archive


Re: AUCRYPTO: Bidzos pro-wassenaar posturing.

daemon@ATHENA.MIT.EDU (Enzo Michelangeli)
Sun Jan 10 17:48:19 1999

From: "Enzo Michelangeli" <em@who.net>
To: "Darren Reed" <darrenr@reed.wattle.id.au>, "Julian Assange" <proff@iq.org>
Cc: <cryptography@c2.net>
Date: Sat, 9 Jan 1999 10:41:59 +0800

>[I figured I'd let people get out a message or two more but I don't
>think I'm going to let the Bidzos slamming run much longer. It isn't
>that I love him -- it is that I don't think the discussion is really
>what the readers of Cryptography want to be viewing in their
>mailboxes. --Perry]


Perry,

Please allow one more question related to this thread. It's not to bash
Bidzos, whom I neither especially love nor hate, but to try to understand
what is going on.

It's been a while that I've been wondering why no popular browser (either
commercial or free) seems to support SSL3's
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA ciphersuite, which does not require any
algorithm controlled by RSADSI. The thing is puzzling, especially
considering that TLS requires it for minimum compliance (under the name
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA), and that Thawte has been offering
D-H/DSS certificates for a long time.

On this list, last July, Netscape's Jeff Weinstein said (in reply to a
question from myself):

>Current communicator/navigator supports DSS.  We are working on DH, but
>I can't say yet when we will have it in a product.

A while ago I asked the Opera development team, and I was told that:

> We are planning to add DH/DSA but haven't gotten around to debug the code
> yet, also I will have to upgrade the certificate handling first. Eric
> Young's changes in that code requires quite a few changes in my code.
>
> I know that TLS does have a DH-anon 3DES mandatory cipher, but at the
> moment I'll just have to be non-conformant on that point. I suspect it will
> be more of a problem for NNTP over TLS than HTTP over TLS.

And to this date, Opera 3.51 still lacks support for D-H (despite claiming
TLS-compliance).

So, my question is: is anybody aware of any (official or unofficial)
licensing condition from RSADSI discouraging the use of ciphersuites based
on Diffie-Hellman key exchange? Or may we hope for TLS-compliant browsers
before September of next year?

Cheers --

Enzo




