Eric Rescorla e...@networkresonance.com writes:
At Tue, 20 Jan 2009 17:57:09 +1300, Peter Gutmann wrote:
Steven M. Bellovin s...@cs.columbia.edu writes:
So -- who supports TLS 1.2?
Not a lot, I think. The problem with 1.2 is that it introduces a pile of
totally gratuitous incompatible
On Sat, Jan 24, 2009 at 2:36 AM, Victor Duchovni
victor.ducho...@morganstanley.com wrote:
You seem to be out of touch I am afraid. Just look at what many O/S
distributions do. They adopt a new OpenSSL 0.9.Xy release from time to
time (for some initial y) and back-port security fixes never
At Sat, 24 Jan 2009 14:55:15 +1300,
Peter Gutmann wrote:
Yes, the changes between TLS 1.1 and TLS 1.2 are about as big as those
between SSL and TLS. I'm not particularly happy about that either, but it's
what we felt was necessary to do a principled job.
It may have been a nicely principled
On Tue, Jan 20, 2009 at 5:14 AM, Victor Duchovni
victor.ducho...@morganstanley.com wrote:
On Mon, Jan 19, 2009 at 10:45:55AM +0100, Bodo Moeller wrote:
The RFC does exist (TLS 1.2 in RFC 5246 from August 2008 makes SHA-256
mandatory), so you can send a SHA-256 certificate to clients that
On Fri, Jan 23, 2009 at 04:01:50PM +1100, Ben Laurie wrote:
I really hope to see
real OpenSSL patch releases some day with development of new features
*strictly* in the development snapshots. Ideally this will start with
0.9.9a, with no new features, just bug-fixes, in [b-z]. ]
I think
At Tue, 20 Jan 2009 17:57:09 +1300,
Peter Gutmann wrote:
Steven M. Bellovin s...@cs.columbia.edu writes:
So -- who supports TLS 1.2?
Not a lot, I think. The problem with 1.2 is that it introduces a pile of
totally gratuitous incompatible changes to the protocol that require quite a
bit
Jon Callas j...@callas.org writes:
I've always been pleased with your answer to Question J, so I'll say what
we're doing at PGP.
That wasn't really meant as a compliment :-). The problem is that by leaping
on things the instant they appear you end up having to support a menagerie of
weirdo
On Sat, Jan 17, 2009 at 5:24 PM, Steven M. Bellovin s...@cs.columbia.edu
wrote:
I've mentioned it before, but I'll point to the paper Eric Rescorla
wrote a few years ago:
http://www.cs.columbia.edu/~smb/papers/new-hash.ps or
http://www.cs.columbia.edu/~smb/papers/new-hash.pdf . The bottom
Paul Hoffman wrote:
At 12:24 PM +0100 1/12/09, Weger, B.M.M. de wrote:
When in 2012 the winner of the
NIST SHA-3 competition will be known, and everybody will start
using it (so that according to Peter's estimates, by 2018 half
of the implementations actually use it), do we then have enough
At 1:38 PM + 1/19/09, Darren J Moffat wrote:
Can you state the assumptions for why you think that moving to SHA384 would be
safe if SHA256 was considered vulnerable in some way please.
Sure. I need 128 bits of pre-image protection for, say, a digital signature.
SHA2/256 is giving me that.
On Mon, Jan 19, 2009 at 10:45:55AM +0100, Bodo Moeller wrote:
The RFC does exist (TLS 1.2 in RFC 5246 from August 2008 makes SHA-256
mandatory), so you can send a SHA-256 certificate to clients that
indicate they support TLS 1.2 or later. You'd still need some other
certificate for
On Mon, 19 Jan 2009 10:45:55 +0100
Bodo Moeller bmoel...@acm.org wrote:
On Sat, Jan 17, 2009 at 5:24 PM, Steven M. Bellovin
s...@cs.columbia.edu wrote:
I've mentioned it before, but I'll point to the paper Eric Rescorla
wrote a few years ago:
Steven M. Bellovin s...@cs.columbia.edu writes:
So -- who supports TLS 1.2?
Not a lot, I think. The problem with 1.2 is that it introduces a pile of
totally gratuitous incompatible changes to the protocol that require quite a
bit of effort to implement (TLS 1.1 - 1.2 is at least as big a step,
I have a general outline of a timeline for adoption of new crypto
mechanisms (e.g. OAEP, PSS, that sort of thing, and not specifically
algorithms) in my Crypto Gardening Guide and Planting Tips, http://www.cs.auckland.ac.nz/~pgut001/pubs/crypto_guide.txt
, see Question J about 2/3 of the way
On Mon, Jan 19, 2009 at 01:38:02PM +, Darren J Moffat wrote:
I don't think it depends at all on who you trust but on what algorithms
are available in the protocols you need to use to run your business or
use the apps important to you for some other reason. It also very much
depends on
Weger, B.M.M. de b.m.m.d.we...@tue.nl writes:
Bottom line, anyone fielding a SHA-2 cert today is not going
to be happy with their costly pile of bits.
Will this situation have changed by the end of 2010 (that's next year, by the
way), when everybody who takes NIST seriously will have to
Weger, B.M.M. de wrote:
In my view, the main lesson that the information security community,
and in particular its intersection with the application building
community, has to learn from the recent MD5 and SHA-1 history,
is that strategies for dealing with broken crypto need rethinking.
On
On Mon, 12 Jan 2009 16:05:08 +1300
pgut...@cs.auckland.ac.nz (Peter Gutmann) wrote:
Weger, B.M.M. de b.m.m.d.we...@tue.nl writes:
Bottom line, anyone fielding a SHA-2 cert today is not going
to be happy with their costly pile of bits.
Will this situation have changed by the end of
Hi Victor,
Bottom line, anyone fielding a SHA-2 cert today is not going
to be happy with their costly pile of bits.
Will this situation have changed by the end of 2010 (that's
next year, by the way), when everybody who takes NIST seriously
will have to switch to SHA-2? The first weakness
On Sat, Jan 10, 2009 at 11:32:44PM +0100, Weger, B.M.M. de wrote:
Hi Victor,
Bottom line, anyone fielding a SHA-2 cert today is not going
to be happy with their costly pile of bits.
Will this situation have changed by the end of 2010 (that's
next year, by the way), when everybody who
On Thu, Jan 08, 2009 at 06:23:47PM -0600, Dustin D. Trammell wrote:
Nearly everything I've seen regarding the proposed solutions to this
attack have involved migration to SHA-1. SHA-1 is scheduled to be
decertified by NIST in 2010, and NIST has already recommended[1] moving
away from SHA-1
On Tue, 2008-12-30 at 11:51 -0800, Hal Finney wrote:
Therefore the highest priority should be for the six bad CAs to change
their procedures, at least start using random serial numbers and move
rapidly to SHA1. As long as this happens before Eurocrypt or whenever
the results end up being
22 matches