On Mon, Aug 12, 2013 at 6:52 AM, Gervase Markham <g...@mozilla.org> wrote:

> On 09/08/13 18:12, Brian Smith wrote:
> > No, each combination is hard-coded into its own distinct code point that
> > is registered with IANA:
> > https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4.
> > This is a design choice based on the fact that many crypto modules don't
> > let you mix/match algorithms at will, and because you often
> > can't/shouldn't move keys between crypto modules.
>
> OK. So you are choosing from a fixed palette, and changing that palette
> is outside the scope of this proposal?
>

It is possible to add new cipher suites, but new cipher suites should have
substantial value and a realistic shot at becoming widely-deployed.


> I agree this is theoretically possible but, as Tom points out, if we
> posit an attacker who can see your traffic, the chances of you
> concealing the identity of your user agent from him are pretty small.
>
> What risk is there to a user of having a network eavesdropper able to
> tell that they are using a particular browser? If I had an exploit for a
> particular browser, I'd just try it anyway and see if it worked. That
> seems to be the normal pattern.
>

One example is Tor: it tries to look like "a normal browser" so that it is
hard to detect that you are using Tor. And, if Tor is properly configured
then the network attacker will never see any non-TLS traffic.


> >> * Re: Camellia and SEED: we should talk to the organisations which
> >> pushed for their addition, and our business development people in the
> >> region, before eliminating them. (This is not to say that we will
> >> definitely not remove them if they raise objections.)
> >
> > Do you have suggestions for who to contact?
>
> The first person I would talk to would be Gen Kanai <g...@mozilla.com>,
> although he may put you in touch with others.
>

Thanks. I will ask him to forward a link to these threads to the
people he thinks may be interested in it.

Cheers,
Brian
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
