[Cryptography] OPENSSL FREAK
bascule at gmail.com
Sat Mar 28 19:44:02 EDT 2015
On Sat, Mar 28, 2015 at 3:55 PM, ianG <iang at iang.org> wrote:
> Fans of algorithm agility need to lay out their life-cycle vision, and
> refer to empirical evidence that it was possible, it happened, it was the
> right thing to do, and it worked.
I work on termination of SSL/TLS in a professional capacity for a service
with millions of users. We are constantly tuning our supported ciphersuites
in response to the latest developments in attacks and cryptanalysis. I
think cipher agility has been invaluable for us. Tools like SSL Labs give
us a clear picture of what impact changes to our supported ciphersuites
will have on our users on a device-by-device basis.
To me "throw the baby out with the bathwater every 5 years" is a total
nonstarter. We have huge business incentives to support old customers, and
one of our biggest tools for doing that is working around protocol design
flaws using cipher agility.