Hi, * Axel Hübl wrote: > I could not agree more. > > Crazy C get's totally against the scope of this document: providing > _relyable_ crypto. > > If someone reads that document and goes for "see, they still list it as > compatible, provide it!" the document lost it's main point. I agree too. Sorry. But that's really not our issue to tackle. If we want to provide a guide for _better_crypto_ we'll need to drop some stuff that eventually breaks compatibility. I'm totally for discussing ECDHE on top of DHE (although curve options as currently implemented in libraries just suck) and SRP (which is a very good scheme in my opinion) - but discussing EOL ciphers like 3DES is somewhat out of scope. After all we want to prompt change in peoples mindset about legacy installations, their security and what should be regarded as safe for customers and users. Nobody has to follow this guide to the letter.
Aaron On Tue, Jan 7, 2014 at 1:38 PM, Axel Hübl <axel.hu...@web.de> wrote: > I could not agree more. > > Crazy C get's totally against the scope of this document: providing > _relyable_ crypto. > > If someone reads that document and goes for "see, they still list it as > compatible, provide it!" the document lost it's main point. > > Cheers, > Axel > > On 07.01.2014 13:08, Pepi Zawodsky wrote: > > On 07.01.2014, at 11:55, ianG <i...@iang.org> wrote: > >> Suite C: maximum compatibility > > > > This is what every other guide on the internet already does. We'll > _never_ get to improve the current state if we keep supporting fubared > stuff. If we want the broadest compatibility let's switch back to > plaintext. Works fine with my NCSA Mosaic. :-) > > > > In my opinion Sweet A is where we should be. Yes, this is a > forward-looking setting. It sill shall point the direction everyone should > be headed for. Bravo B is still considered secure as to our best of > knowledge today™ which still supports a wide array of deployed software > without unsafe compromises on the security aspect. > > > > I oppose the introduction of a Crazy C cipher that supports every client > as this scenario would contradict the goal of the project as I see it. > bettercompatibility.org is still available. :-) > > > > Best regards > > Pepi > > _______________________________________________ > > Ach mailing list > > a...@lists.cert.at > > http://lists.cert.at/cgi-bin/mailman/listinfo/ach > > > > > _______________________________________________ > Ach mailing list > a...@lists.cert.at > http://lists.cert.at/cgi-bin/mailman/listinfo/ach > >
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography