[Cryptography] RC4 again (actual security, scalability and other discussion)

Nico Williams nico at cryptonector.com
Tue Mar 11 19:14:03 EDT 2014


On Tue, Mar 11, 2014 at 5:29 PM, Nico Williams <nico at cryptonector.com> wrote:
> Of course, we're still missing DHE ciphersuites with ECC DH and modern
> ciphers/modes.  Hmmm.

Sigh.  I meant, TLS_ECDH_anon_WITH_AES_xxx_GCM_SHAxxx and other such
ciphersuites.

I.e., you can't do anon ECDH in TLS and get a modern cipher with a
modern cipher mode and modern PRF.  This has been mentioned a few
times.  I've just asked the TLS WG about it.  The registry has
codepoints reserved for allocation via Standards Action and
Specification Required, so I ought to be able to register these
missing ciphersuites with an individual submission I-D with intended
status Informational.  I'll do so soon.  But I'm giving the WG a
chance to say they want it as a WG work item.

Nico
--
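
The gap described in the message above, as an added example that is not part of the original post: a small parser for TLS cipher suite names that groups anonymous key exchanges by whether any AEAD (GCM) suite exists for them. The suite list is a sample subset of names from RFC 4492, RFC 5288 and RFC 5289, not the full IANA registry, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: a subset of registered suite names (RFC 4492, RFC 5288,
# RFC 5289 and earlier TLS RFCs). Not the full IANA registry.
SUITES = [
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
    "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
    "TLS_ECDH_anon_WITH_NULL_SHA",
    "TLS_ECDH_anon_WITH_RC4_128_SHA",
    "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
    "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
    "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
]

# TLS_<key exchange>_WITH_<cipher and mode>_<hash>
NAME = re.compile(r"^TLS_(?P<kx>.+?)_WITH_(?P<enc>.+)_(?P<hash>SHA\d*|MD5)$")

def parse(name):
    """Split a suite name into key exchange, cipher/mode and trailing hash."""
    m = NAME.match(name)
    if not m:
        raise ValueError(f"unrecognised suite name: {name}")
    aead = m["enc"].endswith("_GCM")
    # In GCM suites the trailing hash names the PRF; otherwise it is the HMAC.
    return {"name": name, "kx": m["kx"], "anon": m["kx"].endswith("_anon"),
            "enc": m["enc"], "aead": aead, "hash": m["hash"],
            "hash_role": "prf" if aead else "mac"}

def anon_summary(names):
    """Map each anonymous key exchange to its AEAD and non-AEAD suites."""
    out = defaultdict(lambda: {"aead": [], "legacy": []})
    for s in map(parse, names):
        if s["anon"]:
            out[s["kx"]]["aead" if s["aead"] else "legacy"].append(s["name"])
    return dict(out)

def missing_aead(names):
    """Anonymous key exchanges that have no AEAD suite in the given list."""
    return sorted(kx for kx, v in anon_summary(names).items() if not v["aead"])

if __name__ == "__main__":
    print("anonymous key exchanges without an AEAD suite:", missing_aead(SUITES))
```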

