On 2013-12-15 11:13, Kurt Roeckx wrote:
> On Sun, Dec 15, 2013 at 10:46:04AM -0500, Julien Vehent wrote:
>> On 2013-12-14 19:47, Kosuke Kaizuka wrote:
>>> Camellia is widely reviewed and chosen as a recommended cipher by
>>> several independent committees.
>>> If CAMELLIA_CBC is dropped for security reasons, AES_CBC should also be
>>> dropped.
>>
>> There is another reason to drop CAMELLIA: AES with AES-NI is 8 times
>> faster. AES-NI is supported by the majority of server CPUs right now.
>>
>> Camellia is still fast in software: my laptop computes between 90 and
>> 160 MB/s with openssl and an Intel CPU. But if we want to provide the
>> fastest response time to users, it's important to consider the server
>> cost on the client side.
>
> It's not because it's enabled that you have to use it.  The
> priority of Camellia is now always below AES.  If the server
> supports AES it should pick it.

Right. And by "drop" I really meant "reduce preference of".

For the same reason, the server ciphersuite that we recommend at
https://wiki.mozilla.org/Security/Server_Side_TLS
does not drop Camellia, but lists it at the bottom of the ciphersuite.
It's a safe choice, but not one that we recommend.


- Julien
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
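
The difference between dropping Camellia and reducing its preference, as discussed in the thread above, shown as an added example that is not part of the original messages or of any Mozilla configuration. The suite order in `SAMPLE_SERVER_ORDER` is constructed for illustration, and the function names are hypothetical.

```python
import ssl

def expand(cipher_string):
    """Expand an OpenSSL cipher string into ordered suite names.
    The result depends on the OpenSSL build Python is linked against."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return [c["name"] for c in ctx.get_ciphers()]

def family(name):
    """Classify an OpenSSL suite name by its bulk cipher."""
    if "CAMELLIA" in name:
        return "CAMELLIA"
    if "AES" in name:
        return "AES"
    return None

def camellia_above_aes(suites):
    """Return Camellia suites that are listed before at least one AES suite."""
    last_aes = max((i for i, s in enumerate(suites) if family(s) == "AES"),
                   default=-1)
    return [s for i, s in enumerate(suites)
            if family(s) == "CAMELLIA" and i < last_aes]

def demote_camellia(suites):
    """Move Camellia suites to the bottom, keeping relative order (stable sort)."""
    return sorted(suites, key=lambda s: family(s) == "CAMELLIA")

def negotiate(server_order, client_offer):
    """Server-preference selection: first server suite the client also offers."""
    offered = set(client_offer)
    return next((s for s in server_order if s in offered), None)

# Constructed sample: a server order with one Camellia suite above an AES suite.
SAMPLE_SERVER_ORDER = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-CAMELLIA256-SHA",
    "AES128-SHA",
    "CAMELLIA128-SHA",
]

if __name__ == "__main__":
    fixed = demote_camellia(SAMPLE_SERVER_ORDER)
    print("misordered:", camellia_above_aes(SAMPLE_SERVER_ORDER))
    print("both offered:", negotiate(fixed, ["DHE-RSA-CAMELLIA256-SHA", "AES128-SHA"]))
    print("Camellia only:", negotiate(fixed, ["CAMELLIA128-SHA"]))
```

To audit a real configuration, pass the output of `expand()` for the server's cipher string to `camellia_above_aes()`.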
