[147631] in cryptography@c2.net mail archive
Re: [Cryptography] Crypto Standards v.s. Engineering habits - Was:
daemon@ATHENA.MIT.EDU (ianG)
Fri Oct 11 13:38:39 2013
X-Original-To: cryptography@metzdowd.com
Date: Fri, 11 Oct 2013 15:28:33 +0300
From: ianG <iang@iang.org>
To: cryptography@metzdowd.com
In-Reply-To: <2A0EFB9C05D0164E98F19BB0AF3708C711D74E506E@USMBX1.msg.corp.akamai.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 10/10/13 17:58 PM, Salz, Rich wrote:
>> TLS was designed to support multiple ciphersuites. Unfortunately this opened the door
>> to downgrade attacks, and transitioning to protocol versions that wouldn't do this was nontrivial.
>> The ciphersuites included all shared certain misfeatures, leading to the current situation.
>
> On the other hand, negotiation let us deploy it in places where full-strength cryptography is/was regulated.
That same regulator that asked for that capability is somewhat prominent
in the current debacle.
Feature or bug?
> Sometimes half a loaf is better than nothing.
A shortage of bread has been the inspiration for a few revolutions :)
iang
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography