[Cryptography] Crypto Standards v.s. Engineering habits - Was: NIST about to weaken SHA3?
ianG
iang at iang.org
Fri Oct 11 08:28:33 EDT 2013
On 10/10/13 17:58 PM, Salz, Rich wrote:
>> TLS was designed to support multiple ciphersuites. Unfortunately this opened the door
>> to downgrade attacks, and transitioning to protocol versions that wouldn't do this was nontrivial.
>> The ciphersuites included all shared certain misfeatures, leading to the current situation.
>
> On the other hand, negotiation let us deploy it in places where full-strength cryptography is/was regulated.
That same regulator that asked for that capability is somewhat prominent
in the current debacle.
Feature or bug?
> Sometimes half a loaf is better than nothing.
A shortage of bread has been the inspiration for a few revolutions :)
iang
More information about the cryptography
mailing list