[Cryptography] OPENSSL FREAK
Tony Arcieri
bascule at gmail.com
Sat Mar 28 01:42:40 EDT 2015
On Tue, Mar 24, 2015 at 4:00 PM, ianG <iang at iang.org> wrote:
>>> 1. In the 1990s it was believed that cipher agility was a good thing.
>>> Everyone had the right to propose their own pet algorithm and get it in
>>> there. (Since then, we've figured out this is a very bad idea...)
>>>
>>
>> Your answer is twisting facts. The export ciphers were not because
>> everyone could propose their own pet algorithm. The export ciphers were
>> part of the core SSL 3.0 specification. Whether the specification
>> allowed its extension beyond the export ciphers is irrelevant. Actually,
>> the fact that today we use AES instead of RC4-40 is just because SSL 3.0
>> had agility.
>>
>
> He :) well, what you're saying isn't so different, so, I'll move on.
Nikos's point is pretty important. Going back to what you said:

"In the 1990s it was believed that cipher agility was a good thing."

Cipher agility is definitely a good thing. The bad thing is failing to
disable insecure ciphers.
--
Tony Arcieri