There is an interesting thread currently on the "cryptography" mailing list touching on similar topics.

Regards
Anish

Anish Mohammed
Twitter: anishmohammed
http://uk.linkedin.com/in/anishmohammed
Skype: thecryptic

On 12 Sep 2013, at 10:10, Jonas Smedegaard <[email protected]> wrote:

> Which TLS certificate authorities (CA) should we trust?
>
> Which cipher suites should we tolerate?
>
> Ideally the answers are "none" and "only strong ones". But what is more
> relevant to discuss is *realistic* answers (we can then tighten in later
> revisions):
>
> Which CAs and cipher suites are sensible to use - for now?
>
>
> I imagine there is no "one size fits all". That e.g. serving blog pages
> should be more pragmatic about [legacy systems] than Plinth admin pages
> or other [specific applications].
>
> Would be nice if those knowledgeable about crypto could propose a
> shortlist of purposes, and corresponding CAs and cipher suites.
>
> We could use such shortlists to verify Plinth code, Apache setup,
> ca-certificates package configuration etc.
>
> Anyone knowledgeable about crypto that can help out?
>
>
> - Jonas
>
>
> [specific applications]: The Guardian Project currently discuss choice
> of cipher suites for OTR in their (smartphone) applications:
> https://lists.mayfirst.org/pipermail/guardian-dev/2013-September/002504.html
>
> [legacy systems]: CAcert.org discusses BEAST vs. RCA4 impacting MacOS X:
> https://lists.cacert.org/wws/arc/cacert/2013-09/msg00002.html
>
> --
> * Jonas Smedegaard - idealist & Internet-arkitekt
> * Tlf.: +45 40843136 Website: http://dr.jones.dk/
>
> [x] quote me freely [ ] ask before reusing [ ] keep private
> _______________________________________________
> Freedombox-discuss mailing list
> [email protected]
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
