[146949] in cryptography@c2.net mail archive
Re: [Cryptography] What TLS ciphersuites are still OK?
daemon@ATHENA.MIT.EDU (Stephen Farrell)
Tue Sep 10 10:21:25 2013
X-Original-To: cryptography@metzdowd.com
Date: Tue, 10 Sep 2013 14:10:40 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Ben Laurie <ben@links.org>
In-Reply-To: <CAG5KPzz8_-4Q9jO0GWi_mDUnU_RQ0YnCYYJ8DdJenmd5ODmUyg@mail.gmail.com>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 09/10/2013 02:01 PM, Ben Laurie wrote:
>> Claiming that all the rest are no good also seems overblown, if
>> that's what you meant.
>
> Other than minor variations on the above, all the other ciphersuites have
> problems - known attacks, unreviewed ciphers, etc.
There are issues, sure. And way too many ciphersuites certainly.
> If you think there are other ciphersuites that can be recommended -
> particularly ones that are available on versions of TLS other than 1.2,
> then please do name them.
Since they're talking about it now on the TLS wg list, I'll
leave that them (and to folks who're qualified to figure if
the NIST, brainpool etc curves are ok, which doesn't include
me :-)
What I was pointing out is that there's a bit of a gap between
"no good" and "not what we'd recommend today." Since getting
rid of deployment of old stuff takes years, I think its
better that we don't overstate the issues that do exist. But
I very much welcome Yaron's draft and hope it shoots along
quickly.
S.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
