[Cryptography] FREAK attack
rsalz at akamai.com
Thu Mar 5 08:10:51 EST 2015
I know you hate cryptographic agility. So, riddle me this.
Make a timeline for the past 15 years. Which ONE cipher suite should SSL/TLS have used?
And then, once that timeline is defined, can you describe, loosely, the protocol changes needed to deploy. But more importantly, if "pick a cipher" isn't part of the initial connection, does it become "pick a version"? Or does the client connect 'n' times, with the associated TCP overhead?
Senior Architect, Akamai Technologies
IM: rsalz at jabber.me Twitter: RichSalz
More information about the cryptography