On Sun, Jan 5, 2014 at 7:28 AM, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote: > > There are some pretty weird choices in there though, a number of which seem to > have been dictated mostly by fashion-statement requirements rather than any > security need. For example they recommend disabling (if I'm reading the > OpenSSL config line-noise correctly) PSK and SRP, which are the only mutual- > auth mechanisms provided in TLS Yeah, I thought that was a bit odd, too. I'm just speculating, but they probably disabled it in an effort to reduce attack surface for unused algorithms. Its too bad they are unused.
All in all, I like the prescriptive method of the guide. Jeff _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography