I think it time to deprecate non-https (and non-forward secret
ciphersuites.) Compute power has moved on, session cacheing works,
symmetric crypto is cheap.
Btw did anyone get a handle on session resumption - does it provide forward
secrecy (via k' = H(k)?). Otherwise I saw concerns a disk stored, or long
lived session resumption may itself start to become an exposure risk
somewhat analogous to non-forward secret SSL.
Adam
On Tue, Jul 02, 2013 at 12:50:32PM +0300, ianG wrote:
BTNS (better than nothing security) for IPSec could save it.
There is precedent: the ideas behind SSH totally swept out
secure-telnet within a year or so. Skype demolished other VoIP
providers, because its keys were hidden. The same thing happened
with that email transport security system.
In contrast, IPSec is a complete and utter deployment failure, and it
shares statistically unmeasurable rates of protection across the net.
It's near cousin, secure browsing at least achieved penetration rates
of around 1% if one counts the HTTPS v. HTTP ratio (what else
matters?). Both suffered in large part because they insisted on the
classical certificates / PKI schoolbook.
So, if one is looking for a saviour, there is pretty good correlation here.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
