Gervase Markham wrote:
Duane wrote:
This certificate is 50% good (128/256) or 15% good (40/256) then you
just alter the top number, or even subtract for bad protocols, I'm sure
people would get the idea pretty quick and it would be consistent, even
when things change in future...
That's better, but it doesn't address the questions a user actually has.
Is 50% good enough for banking? 65%? If I upgrade my Firefox and my
bank is now 80% instead of 100%, should I change bank?
I'd say 40 bit is good enough for banking, and 128 bit
is good enough for banks :-) As the TLS people have now
added a 256 bit protocol suite, they no doubt think that
only 256 should be used by banks...
The difference is in the activity, which is not under
threat from eavesdropping, and the institution, which is
under threat from bad exposure. The latter is a dominating
case, so 128 bits is the likely standard for banks.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
