[Cryptography] RC4 again (actual security, scalability and other discussion)

Nico Williams nico at cryptonector.com
Tue Mar 11 18:29:52 EDT 2014

On Mon, Mar 10, 2014 at 5:25 AM, ianG <iang at iang.org> wrote:
> Imagine going to PKIX and saying "oh, RC4 is fine, but can you make SSL
> opportunistic and phase out HTTP in favour of HTTPS, please?  Pretty
> please?"

[OT] Yeah, well, they'll tell you "wrong WG"  :)

But point taken.  This issue comes up a lot, and the answer is
generally resistance, as you point out.

I am definitely starting to think that HTTPS w/ DHE ciphersuites +
renego is the way to go: passive attackers can only use packet sizes
and timing to guess that renego is happening, and active attackers get
found out (probabilistically).  Add in DNSSEC and DANE and upgrading
to strong authentication is then relatively easy.

Of course, we're still missing DHE ciphersuites with ECC DH and modern
ciphers/modes.  Hmmm.


More information about the cryptography mailing list