[146742] in cryptography@c2.net mail archive
Re: [Cryptography] Suite B after today's news
daemon@ATHENA.MIT.EDU (Ralph Holz)
Sat Sep 7 14:52:25 2013
Date: Sat, 07 Sep 2013 19:47:12 +0200
From: Ralph Holz <ralph-cryptometzger@ralphholz.de>
To: cryptography@metzdowd.com
In-Reply-To: <E1VI4qq-00060c-Tr@login01.fos.auckland.ac.nz>
Hi,
On 09/07/2013 12:50 AM, Peter Gutmann wrote:
>> But for right now, what options do we have that are actually implemented
>> somewhere? Take SSL. CBC mode has come under pressure for SSL (CRIME, BEAST,
>> etc.), and I don't see any move towards TLS > 1.0.
>
> http://tools.ietf.org/html/draft-gutmann-tls-encrypt-then-mac-02 fixes all of
> these, I just can't get any traction on it from the TLS WG chairs. Maybe
Exactly, precious little movement on that front. Sadly.

BTW, I do not really agree with your argument that it should be done via a TLS
extension. I think faster progress could be made by simply introducing
new allowed cipher suites and letting the servers advertise them and
clients accept them - this possibly means bypassing the IETF entirely. Or, to
keep them in, do it in TLS 1.3. But do it fast, before people start
using TLS 1.2.

I don't really see the explosion of cipher suite sets you give as a
motivation - e.g. in SSH, where really no-one seems to use the
standards, we have a total of 144 or so cipher suites found in our
scans. Yet the thing works, because clients will just ignore the weird
ones. It should be possible in SSL, too, unless openssl/gnutls/nss barfs
at an unexpected suite name - but I don't think so.
Ralph
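The ordering difference Gutmann's draft is about, shown as an added example that is not part of this thread or of the draft: both record layouts over a toy CBC, with a tamper loop that records which error a receiver reports. The block function, the key bytes and the request line are constructed stand-ins; the point is that MAC-then-encrypt must judge padding before it can check the MAC and so reports two distinguishable failures, while encrypt-then-MAC rejects every altered record the same way before decrypting anything.

```python
import hmac, hashlib
BLOCK, TAGLEN = 16, 32
_xor = lambda a, b: bytes(x ^ y for x, y in zip(a, b))
_mac = lambda k, m: hmac.new(k, m, hashlib.sha256).digest()

def _feistel(k, b, rounds):  # toy 4-round Feistel block, NOT a real cipher; it only stands in for AES here
    l, r = b[:8], b[8:]
    for i in rounds:
        l, r = r, _xor(l, _mac(k, bytes([i]) + r)[:8])
    return r + l  # final swap: running the same routine with the rounds reversed inverts it
def _pad(d):  # TLS-style padding: n bytes each holding the value n
    n = BLOCK - len(d) % BLOCK
    return d + bytes([n]) * n
def _unpad(d):
    n = d[-1]
    if not 1 <= n <= BLOCK or d[-n:] != bytes([n]) * n: raise ValueError("bad padding")
    return d[:-n]
def cbc_encrypt(k, iv, pt):
    out = [iv]
    for i in range(0, len(pt), BLOCK):
        out.append(_feistel(k, _xor(pt[i:i + BLOCK], out[-1]), range(4)))
    return b"".join(out[1:])
def cbc_decrypt(k, iv, ct):
    blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    return b"".join(_xor(_feistel(k, c, range(3, -1, -1)), p) for p, c in zip(blocks, blocks[1:]))

# MAC-then-encrypt, the TLS 1.0-1.2 CBC record layout: MAC the plaintext, pad, then encrypt.
def mte_seal(ek, mk, iv, pt):
    return cbc_encrypt(ek, iv, _pad(pt + _mac(mk, pt)))
def mte_open(ek, mk, iv, rec):
    d = _unpad(cbc_decrypt(ek, iv, rec))  # padding is judged first, before the MAC can be checked
    if not hmac.compare_digest(d[-TAGLEN:], _mac(mk, d[:-TAGLEN])): raise ValueError("bad mac")
    return d[:-TAGLEN]

# Encrypt-then-MAC, the order the draft proposes: pad, encrypt, then MAC the ciphertext.
def etm_seal(ek, mk, iv, pt):
    ct = cbc_encrypt(ek, iv, _pad(pt))
    return ct + _mac(mk, iv + ct)
def etm_open(ek, mk, iv, rec):
    ct, tag = rec[:-TAGLEN], rec[-TAGLEN:]
    if not hmac.compare_digest(tag, _mac(mk, iv + ct)): raise ValueError("bad mac")  # before any decryption
    return _unpad(cbc_decrypt(ek, iv, ct))

def tamper_errors(seal, open_):  # flip one bit per byte of a record in turn: which errors does the receiver report?
    ek, mk, iv = b"k" * 16, b"m" * 16, bytes(BLOCK)  # constructed demo keys, not real key material
    rec, seen = seal(ek, mk, iv, b"GET / HTTP/1.1"), set()
    for i in range(len(rec)):
        try: open_(ek, mk, iv, rec[:i] + bytes([rec[i] ^ 1]) + rec[i + 1:])
        except ValueError as e: seen.add(str(e))
    return seen
```

`tamper_errors(mte_seal, mte_open)` yields both "bad padding" and "bad mac", `tamper_errors(etm_seal, etm_open)` only "bad mac"; a real receiver also has to keep the timing of the two paths identical, which the MAC-first order makes far easier.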
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography