[Cryptography] Suite B after today's news

Ben Laurie ben at links.org
Sat Sep 7 16:40:39 EDT 2013

On 7 September 2013 18:47, Ralph Holz <ralph-cryptometzger at ralphholz.de> wrote:

> Hi,
> On 09/07/2013 12:50 AM, Peter Gutmann wrote:
> >> But for right now, what options do we have that are actually implemented
> >> somewhere? Take SSL. CBC mode has come under pressure for SSL (CRIME,
> >> etc.), and I don't see any move towards TLS > 1.0.
> >
> > http://tools.ietf.org/html/draft-gutmann-tls-encrypt-then-mac-02 fixes all of
> > these, I just can't get any traction on it from the TLS WG chairs.  Maybe
>
> Exactly, precious little movement on that front. Sadly.
> BTW, I do not really agree with your argument it should be done via TLS
> extension. I think faster progress could be made by simply introducing
> new allowed cipher suites and letting the servers advertise them and
> client accept them - this possibly means bypassing IETF entirely. Or, to
> keep them in, do it in TLS 1.3. But do it fast, before people start
> using TLS 1.2.

I agree. But I think the ciphersuites should be backported to all previous

> I don't really see the explosion of cipher suite sets you give as a
> motivation - e.g. in SSH, where really no-one seems to use the
> standards, we have a total of 144 or so cipher suites found in our
> scans. Yet the thing works, because clients will just ignore the weird
> ones. It should be possible in SSL, too, unless openssl/gnutls/nss barfs
> at an unexpected suite name - but I don't think so.


> Ralph