[Cryptography] FREAK attack

[ianG]

On 5/03/2015 13:10 pm, Salz, Rich wrote:
> I know you hate cryptographic agility.  So, riddle me this.
>
> Make a timeline for the past 15 years.  Which ONE cipher suite should SSL/TLS have used?


Ha!  Excellent thought experiment.  So, you are setting a 15 year 
timeframe?  Well, bear in mind that *all* of your other suites would 
also have to achieve that ;) but here goes:


V. Intr. Term.    Suite.

1. 1994  2004     RSA1, DES, MD5, CBC

2. 1999  2009     DSA1/DH, T-DES, SHA1, CBC, HMAC

3. 2004  2014     RSA2, AES128, SHA256, (???), HMAC

4. 2009  2019     EC???, (???)

5. 2014  2024     EC???, Chacha20, Poly1305

6. 2019  2029     EC???, CAESAR


> And then, once that timeline is defined, can you describe, loosely, the protocol changes needed to deploy.  But more importantly, if "pick a cipher" isn't part of the initial connection, does it become "pick a version"?  Or does the client connect 'n' times, with the associated TCP overhead?


Announce versions being N and N+1.  Pick the latest one agreed.  Only 
implement 2 versions in the packet.



iang


ps; the reason for the ??? is absence of sufficient knowledge beyond a 
10m post.