On Mon, Oct 7, 2013 at 6:05 PM, Mountie Lee <moun...@paygate.net> wrote: > SHA2 hash required in e-commerce transaction by the korean regulation. > and which is also used in TLSv1.1+.
Hi, First, we will be enabling TLS 1.2 in Firefox very soon. But, I think you may be referring to SHA-2-based cipher suites proposed in this internet draft: http://tools.ietf.org/html/draft-bjhan-tls-seed-00 Unfortunately, that internet draft expired and also the draft didn't even specify the cipher suite code points. Where can I find the current version of the Korean regulations on encryption. I have read this article: http://www.koreatimes.co.kr/www/news/biz/2012/04/123_109059.html That article notes that SEED is actually not mandatory in Korea any more. If so, it seems like a good idea to help the Korean community standardize on more common algorithms, right? That article also notes that implementations other than the ActiveX control have to be certified by the Korean government in order to be used. So, it seems like our SEED implementation could not be used legally anyway, since it hasn't been certified. Is that your understanding? My understanding is that the Korean government would also require websites that fall under these regulations to use certificates issued by some Korean certificate authorities. But, Mozilla does include either of the Korean certificate authorities and it seems unlikely to happen soon. See https://bugzilla.mozilla.org/show_bug.cgi?id=335197 Finally, the SEED cipher suite we do currently support does not support ephemeral key exchange. I see that the internet draft I linked to above does attempt to specify SEED cipher suites that support ephemeral key exchange. So, it seems pretty clear to me that it is OK to disable the SEED cipher suite we have currently enabled for now, while we figure out all the things that are necessary to help our Korean users. Cheers, Brian -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto