Re: [Cryptography] Suite B after today's news

2013-09-10 Thread Ben Laurie
On 10 September 2013 11:29, Peter Gutmann pgut...@cs.auckland.ac.nz wrote: Ben Laurie b...@links.org writes: We need to get an extension number allocated, since the one it uses clashes with ALPN. It does? draft-ietf-tls-applayerprotoneg-01 doesn't mention ID 0x10 anywhere. (In any case

Re: [Cryptography] Suite B after today's news

2013-09-10 Thread Peter Gutmann
Ben Laurie b...@links.org writes: We need to get an extension number allocated, since the one it uses clashes with ALPN. It does? draft-ietf-tls-applayerprotoneg-01 doesn't mention ID 0x10 anywhere. (In any case -encrypt-then-MAC got there first, these Johnny-come-latelies can find their own

Re: [Cryptography] Suite B after today's news

2013-09-08 Thread Ray Dillinger
On 09/05/2013 07:00 PM, Jon Callas wrote: I don't think they're actively bad, though. For the purpose they were created for -- parallelizable authenticated encryption -- it serves its purpose. You can have a decent implementor implement them right in hardware and walk away. Given some of the

Re: [Cryptography] Suite B after today's news

2013-09-08 Thread Ralph Holz
Hi, BTW, I do not really agree with your argument it should be done via TLS extension. It's done that way based on discussions on (and mostly off) the TLS list by various implementers, that was the one that caused the least dissent. I've followed that list for a while. What I find weird is

Re: [Cryptography] Suite B after today's news

2013-09-08 Thread Ray Dillinger
On 09/08/2013 10:13 AM, Thor Lancelot Simon wrote: On Sat, Sep 07, 2013 at 07:19:09PM -0700, Ray Dillinger wrote: Given good open-source software, an FPGA implementation would provide greater assurance of security. How sure are you that an FPGA would actually be faster than you can already

Re: [Cryptography] Suite B after today's news

2013-09-08 Thread Peter Gutmann
Ralph Holz ralph-cryptometz...@ralphholz.de writes: I've followed that list for a while. What I find weird is that there should be much dissent at all. This is about increasing security based on adding quite well-understood mechanisms. What's to be so opposed to there? There wasn't really much

Re: [Cryptography] Suite B after today's news

2013-09-07 Thread Ralph Holz
Hi, On 09/07/2013 12:50 AM, Peter Gutmann wrote: But for right now, what options do we have that are actually implemented somewhere? Take SSL. CBC mode has come under pressure for SSL (CRIME, BEAST, etc.), and I don't see any move towards TLS 1.0.

Re: [Cryptography] Suite B after today's news

2013-09-06 Thread Ralph Holz
Hi, Same here. AES is, as far as we know, pretty secure, so any problems are going to arise in how AES is used. AES-CBC wrapped in HMAC is about as solid as you can get. AES-GCM is a design or coding accident waiting to happen. But for right now, what options do we have that are actually

Re: [Cryptography] Suite B after today's news

2013-09-06 Thread Jack Lloyd
I think that any of OCB, CCM, or EAX are preferable from a security standpoint, but none of them parallelize as well. If you want to do a lot of encrypted and authenticated high-speed link encryption, well, there is likely no other answer. It's GCM or nothing. OCB parallelizes very well in

Re: [Cryptography] Suite B after today's news

2013-09-06 Thread Peter Gutmann
Ralph Holz ralph-cryptometz...@ralphholz.de writes: But for right now, what options do we have that are actually implemented somewhere? Take SSL. CBC mode has come under pressure for SSL (CRIME, BEAST, etc.), and I don't see any move towards TLS 1.0.

Re: [Cryptography] Suite B after today's news

2013-09-06 Thread Jon Callas
On Sep 6, 2013, at 11:41 AM, Jack Lloyd ll...@randombit.net wrote: I think that any of OCB, CCM, or EAX are preferable from a security standpoint, but none of them parallelize as well. If you want to do a lot of encrypted and authenticated

[Cryptography] Suite B after today's news

2013-09-05 Thread Dan McDonald
Consider the Suite B set of algorithms: AES-GCM AES-GMAC IEEE Elliptic Curves (256, 384, and 521-bit) Traditionally, people were pretty confident in these. How are people's confidence in them now? Curious, (first-time caller) Dan McD.

Re: [Cryptography] Suite B after today's news

2013-09-05 Thread Jon Callas
On Sep 5, 2013, at 6:16 PM, Dan McDonald dan...@kebe.com wrote: Consider the Suite B set of algorithms: AES-GCM AES-GMAC IEEE Elliptic Curves (256, 384, and 521-bit) Traditionally, people were pretty confident in these.

Re: [Cryptography] Suite B after today's news

2013-09-05 Thread Jon Callas
On Sep 5, 2013, at 7:15 PM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote: Jon Callas j...@callas.org writes: My opinion about GCM and GMAC has not changed. I've never been a fan. Same here. AES is, as far as we know, pretty secure, so any

Re: [Cryptography] Suite B after today's news

2013-09-05 Thread Peter Gutmann
Jon Callas j...@callas.org writes: My opinion about GCM and GMAC has not changed. I've never been a fan. Same here. AES is, as far as we know, pretty secure, so any problems are going to arise in how AES is used. AES-CBC wrapped in HMAC is about as solid as you can get. AES-GCM is a design or

Re: [Cryptography] Suite B after today's news

2013-09-05 Thread Peter Gutmann
Jon Callas j...@callas.org writes: How do you feel (heh, I typoed that as feal) about the other AEAD modes? If it's not a stream cipher and doesn't fail catastrophically with IV reuse then it's probably as good as any other mode. Problem is that at the moment modes like AES-CTR are being