On 7 September 2013 18:47, Ralph Holz <ralph-cryptometz...@ralphholz.de> wrote:
> Hi,
>
> On 09/07/2013 12:50 AM, Peter Gutmann wrote:
>
> >> But for right now, what options do we have that are actually implemented
> >> somewhere? Take SSL. CBC mode has come under pressure for SSL (CRIME, BEAST,
> >> etc.), and I don't see any move towards TLS > 1.0.
> >
> > http://tools.ietf.org/html/draft-gutmann-tls-encrypt-then-mac-02 fixes all of
> > these, I just can't get any traction on it from the TLS WG chairs. Maybe
>
> Exactly, precious little movement on that front. Sadly.
>
> BTW, I do not really agree with your argument it should be done via TLS
> extension. I think faster progress could be made by simply introducing
> new allowed cipher suites and letting the servers advertise them and
> clients accept them - this possibly means bypassing IETF entirely. Or, to
> keep them in, do it in TLS 1.3. But do it fast, before people start
> using TLS 1.2.
>

I agree. But I think the ciphersuites should be backported to all previous versions.

>
> I don't really see the explosion of cipher suite sets you give as a
> motivation - e.g. in SSH, where really no-one seems to use the
> standards, we have a total of 144 or so cipher suites found in our
> scans. Yet the thing works, because clients will just ignore the weird
> ones. It should be possible in SSL, too, unless openssl/gnutls/nss barfs
> at an unexpected suite name - but I don't think so.
>

Exactly.

>
> Ralph
>
> _______________________________________________
> The cryptography mailing list
> cryptography@metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
>