[146921] in cryptography@c2.net mail archive


Re: [Cryptography] What TLS ciphersuites are still OK?

daemon@ATHENA.MIT.EDU (james hughes)
Mon Sep 9 18:36:35 2013

X-Original-To: cryptography@metzdowd.com
From: james hughes <hughejp@mac.com>
In-reply-to: <CAG5KPzwpVgvEuuLTzKXHKgmzqp8PbD5SZLy028h7t-nQHHhZgw@mail.gmail.com>
Date: Mon, 09 Sep 2013 14:32:17 -0700
To: Ben Laurie <ben@links.org>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>,
	james hughes <hughejp@mac.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com



On Sep 9, 2013, at 9:29 AM, Ben Laurie <ben@links.org> wrote:

> Perry asked me to summarise the status of TLS a while back ... luckily I don't have to because someone else has:
>
> http://tools.ietf.org/html/draft-sheffer-tls-bcp-00
>
> In short, I agree with that draft. And the brief summary is: there's only one ciphersuite left that's good, and unfortunately it's only available in TLS 1.2:
>
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

+1

I have read the document and it does not mention key lengths. I would suggest that 2048 bit is large enough for the next ~5? years or so. 2048 bit for both D-H and RSA. How are the key lengths specified?



_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography