On 22/08/13 11:50, Alan Braggins wrote:
On 21/08/13 18:23, Zack Weinberg wrote:
I share concern
about new side channel attacks due to GMAC, though.

You aren't alone.
https://bugzilla.mozilla.org/show_bug.cgi?id=868948

I asked a friend who works for ARM about the chances of
constant time AES-GCM instruction set support.
"SecurCore; sure. A-series; no chance."

I'm not convinced that the advantages of eliminating
handshake fingerprinting outweigh the benefits of
allowing endpoints with different capabilities to
negotiate different ciphers (e.g. preferring AES more
strongly if AES-NI instructions are available at both
ends).

Possibly you should be aiming for a shared set of principles
to be used by browsers when choosing a suite, not a shared
ordering.

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
