[Cryptography] Crypto Standards v.s. Engineering habits - Was: NIST about to weaken SHA3?
Salz, Rich
rsalz at akamai.com
Thu Oct 10 10:58:57 EDT 2013
> TLS was designed to support multiple ciphersuites. Unfortunately this opened the door
> to downgrade attacks, and transitioning to protocol versions that wouldn't do this was nontrivial.
> The ciphersuites included all shared certain misfeatures, leading to the current situation.
On the other hand, negotiation let us deploy it in places where full-strength cryptography is/was regulated.
Sometimes half a loaf is better than nothing.
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
More information about the cryptography
mailing list