The new OCSP stapling tests in NSS 3.15.3 are all failing on our Solaris
machines. See error log below.
We have a slightly smaller number of failures on Linux.
Are these tests going out to a public OCSP responder on the Internet ?
Or are they trying to go to a locally built one ?
(sorry, I am
On 3/01/14 01:06 AM, Julien Vehent wrote:
3DES isn't broken.
No, but it is end of life. 112bit security for the 2key variant, and an
8 byte block makes it just old. If you've got AES there, use it. Who
hasn't got it?
RC4 is broken, but I am yet to see a practical attack that doesn't
On Thu, Jan 02, 2014 at 02:12:47PM -0800, Ryan Sleevi wrote:
> > > What's the take on the ChaCha20/Poly1305 proposal by the Mozilla Sec.
> > > Team by the way?
> >
> > There are 5 security teams at Mozilla, so Mozilla Sec Team is a very
> > large group.
> > I think we all want a new stream ciphe
On 2014-01-02 17:12, Ryan Sleevi wrote:
On Thu, January 2, 2014 1:25 pm, Julien Vehent wrote:
Hi Aaron,
On 2014-01-02 16:10, Aaron Zauner wrote:
> Hi Kurt,
>
> On 02 Jan 2014, at 21:51, Kurt Roeckx wrote:
>
>> On Thu, Jan 02, 2014 at 09:33:24PM +0100, Aaron Zauner wrote:
I *think* they
On 2014-01-02 17:12, Ryan Sleevi wrote:
On Thu, January 2, 2014 1:25 pm, Julien Vehent wrote:
Hi Aaron,
On 2014-01-02 16:10, Aaron Zauner wrote:
> Hi Kurt,
>
> On 02 Jan 2014, at 21:51, Kurt Roeckx wrote:
>
>> On Thu, Jan 02, 2014 at 09:33:24PM +0100, Aaron Zauner wrote:
I *think* they
On Thu, January 2, 2014 1:25 pm, Julien Vehent wrote:
> Hi Aaron,
>
> On 2014-01-02 16:10, Aaron Zauner wrote:
> > Hi Kurt,
> >
> > On 02 Jan 2014, at 21:51, Kurt Roeckx wrote:
> >
> >> On Thu, Jan 02, 2014 at 09:33:24PM +0100, Aaron Zauner wrote:
> I *think* they want to prefer CAMELLIA to
Hi Aaron,
Two things I'd like to mention before I reply:
1. I think it's great to have two guides with divergent points of view.
I'm mostly
interested in discussing design choices, because these discussions
are useful.
I'm not interested in convincing the ACH group that one
recommendati
Hi Aaron,
On 2014-01-02 16:10, Aaron Zauner wrote:
Hi Kurt,
On 02 Jan 2014, at 21:51, Kurt Roeckx wrote:
On Thu, Jan 02, 2014 at 09:33:24PM +0100, Aaron Zauner wrote:
I *think* they want to prefer CAMELLIA to AES, judging by the
published ciphersuite.
But the construction must be wrong beca
On Thu, Jan 02, 2014 at 10:10:49PM +0100, Aaron Zauner wrote:
>
> What's the take on the ChaCha20/Poly1305 proposal by the Mozilla Sec. Team by
> the way?
Not being part of the mozilla team myself, I at least have the
impression that they want it. You might want to look at this
old version:
htt
On Thu, Jan 02, 2014 at 09:33:24PM +0100, Aaron Zauner wrote:
> > I *think* they want to prefer CAMELLIA to AES, judging by the published
> > ciphersuite.
> > But the construction must be wrong because it returns AES first. If the
> > intent is to
> > prefer Camellia, then I am most interesting i
On 2013-12-29 18:30, Kurt Roeckx wrote:
On Sun, Dec 15, 2013 at 11:22:32AM -0500, Julien Vehent wrote:
For the same reason, the server ciphersuite that we recommend at
https://wiki.mozilla.org/Security/Server_Side_TLS
does not drop Camellia, but lists it at the bottom of the ciphersuite.
It's a
11 matches
Mail list logo