[Cryptography] FREAK attack
ianG
iang at iang.org
Tue Mar 10 15:46:34 EDT 2015
On 5/03/2015 13:10 pm, Salz, Rich wrote:
> I know you hate cryptographic agility. So, riddle me this.
>
> Make a timeline for the past 15 years. Which ONE cipher suite should SSL/TLS have used?
Ha! Excellent thought experiment. So, you are setting a 15 year
timeframe? Well, bear in mind that *all* of your other suites would
also have to achieve that ;) but here goes:
V.  Intr.  Term.  Suite
1.  1994   2004   RSA1, DES, MD5, CBC
2.  1999   2009   DSA1/DH, T-DES, SHA1, CBC, HMAC
3.  2004   2014   RSA2, AES128, SHA256, (???), HMAC
4.  2009   2019   EC???, (???)
5.  2014   2024   EC???, Chacha20, Poly1305
6.  2019   2029   EC???, CAESAR
> And then, once that timeline is defined, can you describe, loosely, the protocol changes needed to deploy. But more importantly, if "pick a cipher" isn't part of the initial connection, does it become "pick a version"? Or does the client connect 'n' times, with the associated TCP overhead?
Announce versions being N and N+1. Pick the latest one agreed. Only
implement 2 versions in the packet.
iang
PS: the reason for the ??? is absence of sufficient knowledge beyond a
10m post.
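The "one suite per version" negotiation sketched above, as an added example that is not part of the thread: the client announces versions N and N+1, the server picks the newest one both sides agree on, and the agreed version alone determines the suite. The table values mirror iang's timeline; the check that a version is still inside its Intr./Term. window is my addition, so a server cannot be talked into a suite whose term has expired.

```python
# Constructed table mirroring the post's timeline: version -> (suite, intro year, term year).
# Suite strings are copied from the post, "???" included; they are placeholders, not real suites.
SUITES = {
    1: ("RSA1, DES, MD5, CBC", 1994, 2004),
    2: ("DSA1/DH, T-DES, SHA1, CBC, HMAC", 1999, 2009),
    3: ("RSA2, AES128, SHA256, (???), HMAC", 2004, 2014),
    4: ("EC???, (???)", 2009, 2019),
    5: ("EC???, Chacha20, Poly1305", 2014, 2024),
    6: ("EC???, CAESAR", 2019, 2029),
}


def client_hello(current: int) -> tuple[int, int]:
    """Client announces exactly two versions: the one it runs now and the next."""
    return (current, current + 1)


def server_select(offered: tuple[int, int], supported: set[int], year: int):
    """Server picks the newest offered version it supports and whose term has not expired.

    The term check is an assumption added here (not in the post): a version is live
    from its intro year up to, but not including, its term year.
    """
    live = {v for v in supported if v in SUITES and SUITES[v][1] <= year < SUITES[v][2]}
    candidates = [v for v in offered if v in live]
    return max(candidates) if candidates else None


def negotiate(client_current: int, server_supported: set[int], year: int):
    """Run one exchange; returns (version, suite) or None when no live version is agreed."""
    chosen = server_select(client_hello(client_current), server_supported, year)
    return None if chosen is None else (chosen, SUITES[chosen][0])


if __name__ == "__main__":
    # Client on v3 meets a server already running v4 in 2010: they agree on v4.
    print(negotiate(3, {2, 3, 4}, 2010))
    # Client on v2 meets a server still on v1/v2 in 2010: v2's term ended in 2009, so no deal.
    print(negotiate(2, {1, 2}, 2010))
```

Because each version carries exactly one suite, there is no separate "pick a cipher" step and nothing for a downgrade to target except the version number itself.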