[146963] in cryptography@c2.net mail archive


Re: [Cryptography] What TLS ciphersuites are still OK?

daemon@ATHENA.MIT.EDU (Peter Fairbrother)
Tue Sep 10 12:04:52 2013

X-Original-To: cryptography@metzdowd.com
Date: Tue, 10 Sep 2013 15:57:34 +0100
From: Peter Fairbrother <zenadsl6186@zen.co.uk>
To: Ben Laurie <ben@links.org>
In-Reply-To: <CAG5KPzzD3-4YcpLzcomytcW=G8UspsjQo+ZFy-HL5CSY4fOsfw@mail.gmail.com>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>,
	james hughes <hughejp@mac.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On 10/09/13 14:03, Ben Laurie wrote:
> On 10 September 2013 03:59, james hughes <hughejp@mac.com
> <mailto:hughejp@mac.com>> wrote:
[...]
>>>     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
>     I retract my previous "+1" for this ciphersuite. This is hard coded
>     1024 DHE and 1024bit RSA.
>
>
> It is not hard coded to 1024 bit RSA. I have seen claims that some
> platforms hard code DHE to 1024 bits, but I have not investigated these
> claims. If true, something should probably be done.


Yes - hard code them all to 1024-bit. Then dump 
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 in the bin where it belongs.


Then replace it with a suite such as 
TLS_DHE2048_WITH_RSA2048_WITH_AES_128_GCM_SHA256.

Would a non-cryptographer know what 
TLS_DHE2048_WITH_RSA2048_WITH_AES_128_GCM_SHA256 meant? No. So for 
heaven's sake call it Ben's_suite or something, with a nice logo or 
icon, not TLS_DHE2048_WITH_RSA2048_WITH_AES_128_GCM_SHA256.


They won't know what Ben's_suite means either, but they may trust you 
(or perhaps not, if you are still Working for Google ...)

The problem with TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is that you don't 
know what you are getting.


[ The other problem is of course that the main browsers don't make it 
easy to find out which suite is actually in use ... :( ]


Hmmm, can a certificate have several keylengths to choose from? And, if 
the suite allows it, can a certificate have an RSA key for 
authentication and a different RSA key for session key setup (cf RIPA)?

-- Peter Fairbrother

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
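The complaint above is that the name TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 says nothing about the DHE group size or the RSA key size; both only become visible inside the handshake. As an added example (not code from the thread or any project), this Python parses a TLS 1.2 ServerKeyExchange for a DHE_RSA suite and reports what was actually offered; the MIN_DH_BITS threshold and the build_ske() test message are assumptions, not real parameters.

```python
import struct

# Smallest DH modulus (bits) this checker accepts: an assumption for the
# example, matching the 2048-bit replacement suggested in the thread.
MIN_DH_BITS = 2048

def _read_vector16(buf, pos):
    """Read an opaque <1..2^16-1> vector: 2-byte length, then body."""
    if pos + 2 > len(buf):
        raise ValueError("truncated vector length")
    (n,) = struct.unpack_from("!H", buf, pos)
    pos += 2
    if pos + n > len(buf):
        raise ValueError("truncated vector body")
    return buf[pos:pos + n], pos + n

def parse_dhe_server_key_exchange(msg):
    """Parse a TLS 1.2 ServerKeyExchange (type 12) from a DHE_RSA suite."""
    if len(msg) < 4 or msg[0] != 12:
        raise ValueError("not a ServerKeyExchange handshake message")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("handshake length does not match data")
    p, pos = _read_vector16(body, 0)     # ServerDHParams.dh_p
    g, pos = _read_vector16(body, pos)   # ServerDHParams.dh_g
    ys, pos = _read_vector16(body, pos)  # ServerDHParams.dh_Ys
    if pos + 2 > len(body):
        raise ValueError("missing SignatureAndHashAlgorithm")
    hash_alg, sig_alg = body[pos], body[pos + 1]  # (4, 1) = sha256, rsa
    sig, pos = _read_vector16(body, pos + 2)
    p_bits = int.from_bytes(p, "big").bit_length()
    return {
        "dh_p_bits": p_bits,                 # the DHE size the name hides
        "dh_g": int.from_bytes(g, "big"),
        "sig_alg": (hash_alg, sig_alg),
        # An RSA signature is as long as the modulus, so its length reveals
        # the server's RSA key size (256 bytes for a 2048-bit key).
        "rsa_sig_bits": len(sig) * 8,
        "dh_ok": p_bits >= MIN_DH_BITS,
    }

def build_ske(p_bits, rsa_bits):
    """Constructed test message: placeholder prime (not a real group), dummy signature."""
    vec = lambda b: struct.pack("!H", len(b)) + b
    p = ((1 << (p_bits - 1)) | 1).to_bytes(p_bits // 8, "big")
    ys = ((1 << (p_bits - 2)) | 3).to_bytes(p_bits // 8, "big")
    sig = b"\x00" * (rsa_bits // 8)
    body = vec(p) + vec(b"\x02") + vec(ys) + bytes([4, 1]) + vec(sig)
    return b"\x0c" + len(body).to_bytes(3, "big") + body
```

Fed a captured ServerKeyExchange instead of build_ske() output, the same parser shows whether a server advertising this suite really negotiates a 1024-bit or a 2048-bit group.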
