On 10/10/13 17:58 PM, Salz, Rich wrote:
TLS was designed to support multiple ciphersuites. Unfortunately this opened
the door
to downgrade attacks, and transitioning to protocol versions that wouldn't do
this was nontrivial.
The ciphersuites included all shared certain misfeatures, leading to the
current situation.
On the other hand, negotiation let us deploy it in places where full-strength
cryptography is/was regulated.
That same regulator that asked for that capability is somewhat prominent
in the current debacle.
Feature or bug?
Sometimes half a loaf is better than nothing.
A shortage of bread has been the inspiration for a few revolutions :)
iang
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
