On Friday, August 9, 2013 5:30:26 AM UTC+3, Brian Smith wrote:
> Please see https://briansmith.org/browser-ciphersuites-01.html

Thank you for this. I'm a bit skeptical about whether eliminating handshake fingerprinting is worth the disincentive to improve the set of ciphersuites. And I'm skeptical about actually getting to a state where all browsers have the same handshake in the first place.

If there was a single ciphersuite that was known to be the one everyone should use for all future and the other ciphersuites were around just for compatibility with legacy servers (analogous to UTF-8 and other character encodings), I think it would make sense to freeze the handshake. However, since encryption is supposed to get stronger over time, having a frozen handshake would block improvements. Is it really realistic that other browsers would agree not to offer better ciphersuites as soon as they can get them implemented until all browsers agree that new ciphersuites should be included? On the other hand, if other browsers adopted the same handshake as Firefox, would it be better for Firefox to keep the common handshake than to introduce better ciphersuites as they become available?

If the common handshake isn't achievable or desirable, I wonder if it's a good idea to drop Camellia altogether. I know nothing about the merits of Camellia relative to AES (maybe they are even similar enough for attacks to be transferable; dunno), but a reduction in algorithm agility seems scary on an uninformed gut level. If one assumes that handshakes won't be unified across browsers, wouldn't it then make sense, space permitting, to keep around at least one forward-secret RSA+Camellia ciphersuite in case a disaster strikes AES?

What is the threat being defended against in the handshake fingerprinting case? At least network eavesdroppers near the browser will have plenty of adjacent plain HTTP traffic with UA strings to capture for the foreseeable future and the site being connected to gets the UA string anyway.

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto