[Cryptography] OPENSSL FREAK
ianG
iang at iang.org
Mon Mar 23 21:12:57 EDT 2015
On 23/03/2015 18:11 pm, WebDawg wrote:
> I had a question that may seem a bit late but: why are/were the export
> ciphers still put into a current SSL suite?
The answer is in parts.
1. In the 1990s it was believed that cipher agility was a good thing.
Everyone had the right to propose their own pet algorithm and get it in
there. (Since then, we've figured out this is a very bad idea...)
1.b There was a notion that having extra ciphers was good because we
could always switch over if the need ever arose...
2. Nobody created a plan, or a protocol, or a ceremony, or anything
that actually told us how 1 billion browser users and 1 million server
sysadmins would actually ... switch. So when the time came, the switch
couldn't be used, and wasn't relevant.
2.b And of course, there was no plan/process/ceremony/desire to retire
any algorithms.
iang
More information about the cryptography
mailing list