[Cryptography] OPENSSL FREAK

Tony Arcieri bascule at gmail.com
Sat Mar 28 19:44:02 EDT 2015

On Sat, Mar 28, 2015 at 3:55 PM, ianG <iang at iang.org> wrote:

> Fans of algorithm agility need to lay out their life-cycle vision, and
> refer to empirical evidence that it was possible, it happened, it was the
> right thing to do, and it worked.

I work on termination of SSL/TLS in a professional capacity for a service
with millions of users. We are constantly tuning our supported ciphersuites
in response to the latest developments in attacks and cryptanalysis. I
think cipher agility has been invaluable for us. Tools like SSL Labs give
us a clear picture of what impact changes to our supported ciphersuites
will have on our users on a device-by-device basis.

To me "throw the baby out with the bathwater every 5 years" is a total
nonstarter. We have huge business incentives to support old customers, and
one of our biggest tools for doing that is working around protocol design
flaws using cipher agility.

Tony Arcieri