On Saturday 08 November 2014 10:29:06 Kosuke Kaizuka wrote:
On Thu, 23 Oct 2014 01:35:08 +0900, Kosuke Kaizuka wrote: On Wed, 22
Oct 2014 00:59:53 -0700, Brian Smith wrote:
On Sun, Jun 29, 2014 at 11:18 AM, Hubert Kario hka...@redhat.com wrote:
The number of sites that prefer RC4 while
On Thu, 23 Oct 2014 01:35:08 +0900, Kosuke Kaizuka wrote: On Wed, 22
Oct 2014 00:59:53 -0700, Brian Smith wrote:
On Sun, Jun 29, 2014 at 11:18 AM, Hubert Kario hka...@redhat.com wrote:
The number of sites that prefer RC4 while still supporting other ciphers
are
very high (18.6% in June[1],
On Sun, Jun 29, 2014 at 11:18 AM, Hubert Kario hka...@redhat.com wrote:
The number of sites that prefer RC4 while still supporting other ciphers
are
very high (18.6% in June[1], effectively 21.3% for Firefox[6]) and not
changing much. The percent of servers that support only RC4 is steadily
On Wednesday 22 October 2014 00:59:53 Brian Smith wrote:
On Sun, Jun 29, 2014 at 11:18 AM, Hubert Kario hka...@redhat.com wrote:
The number of sites that prefer RC4 while still supporting other ciphers
are
very high (18.6% in June[1], effectively 21.3% for Firefox[6]) and not
changing
On Wed, 22 Oct 2014 00:59:53 -0700, Brian Smith wrote:
On Sun, Jun 29, 2014 at 11:18 AM, Hubert Kario hka...@redhat.com wrote:
The number of sites that prefer RC4 while still supporting other ciphers
are
very high (18.6% in June[1], effectively 21.3% for Firefox[6]) and not
changing much.
On Thu, Jul 10, 2014 at 7:41 PM, Brian Smith br...@briansmith.org wrote:
As you probably know, Google Chrome already ships some ChaCha20-Poly1305
cipher suites. They have a patch that they apply on top of NSS to implement
them. I recently asked a couple of our friends on the Chrome team about
On Thu, Jul 10, 2014 at 7:57 PM, Brian Smith br...@briansmith.org wrote:
On Thu, Jul 10, 2014 at 5:33 AM, Kurt Roeckx k...@roeckx.be wrote:
[snip]
An other alternative is using curve25519. It's also not standardized yet,
but at this time it seems more likely to be standardized first.
On Fri, 2014-08-08 at 13:32 +0300, Henri Sivonen wrote:
On Thu, Jul 10, 2014 at 7:41 PM, Brian Smith br...@briansmith.org wrote:
As you probably know, Google Chrome already ships some ChaCha20-Poly1305
cipher suites. They have a patch that they apply on top of NSS to implement
them. I
- Original Message -
From: Brian Smith br...@briansmith.org
To: mozilla's crypto code discussion list
dev-tech-crypto@lists.mozilla.org
Cc: mozilla-dev-tech-cry...@lists.mozilla.org
Sent: Thursday, 10 July, 2014 9:41:43 PM
Subject: Re: Road to RC4-free web (the case for YouTube
- Original Message -
From: Brian Smith br...@briansmith.org
To: mozilla's crypto code discussion list
dev-tech-crypto@lists.mozilla.org
Sent: Thursday, 10 July, 2014 3:02:34 AM
Subject: Re: Road to RC4-free web (the case for YouTube without RC4)
On Wed, Jul 2, 2014 at 5:08 AM
On Tue, Jul 1, 2014 at 11:58 PM, Brian Smith br...@briansmith.org wrote:
I am interested in discussing what we can do to help more server side
products get better cipher suites by default, and on deciding whether we
add support for ChaCha20-Poly1304
Out of curiosity, what's holding back a
- Original Message -
From: Brian Smith br...@briansmith.org
To: mozilla's crypto code discussion list
dev-tech-crypto@lists.mozilla.org
Cc: mozilla-dev-tech-cry...@lists.mozilla.org
Sent: Thursday, 10 July, 2014 2:40:55 AM
Subject: Re: Road to RC4-free web (the case for YouTube
On 2014-07-10 13:53, Henri Sivonen wrote:
On Tue, Jul 1, 2014 at 11:58 PM, Brian Smith br...@briansmith.org wrote:
I am interested in discussing what we can do to help more server side
products get better cipher suites by default, and on deciding whether we
add support for ChaCha20-Poly1304
On Thu, Jul 10, 2014 at 4:53 AM, Henri Sivonen hsivo...@hsivonen.fi wrote:
On Tue, Jul 1, 2014 at 11:58 PM, Brian Smith br...@briansmith.org wrote:
I am interested in discussing what we can do to help more server side
products get better cipher suites by default, and on deciding whether we
On Thu, Jul 10, 2014 at 5:33 AM, Kurt Roeckx k...@roeckx.be wrote:
[snip]
An other alternative is using curve25519. It's also not standardized yet,
but at this time it seems more likely to be standardized first.
Thanks for bringing up curve25519. I'd like to share a recent paper
written by
On Thu, Jul 10, 2014 at 09:57:56AM -0700, Brian Smith wrote:
On Thu, Jul 10, 2014 at 5:33 AM, Kurt Roeckx k...@roeckx.be wrote:
[snip]
An other alternative is using curve25519. It's also not standardized yet,
but at this time it seems more likely to be standardized first.
Thanks for
On Thu, Jul 10, 2014 at 5:00 AM, Hubert Kario hka...@redhat.com wrote:
- Original Message -
From: Brian Smith br...@briansmith.org
snip
However, it is likely that crypto libraries that make the two changes above
will also have support for TLS_ECDHE_*_WITH_AES_*_GCM cipher suites too.
On Thu, Jul 10, 2014 at 7:35 PM, Kurt Roeckx k...@roeckx.be wrote:
I would like to hear what others think about this, including what
people think Gecko should do.
I think it looks promosing. But like the paper indicates it needs
time for other people to review it before it's going to see any
On Thu, Jul 10, 2014 at 6:41 PM, Brian Smith br...@briansmith.org wrote:
So, what initially looked like a minor amount of effort turned into a more
significant effort. If there is somebody interested in taking this on, I
would be very happy to help them with it.
Are there bugs, with some
On Tue, Jul 1, 2014 at 7:15 PM, Julien Pierre julien.pie...@oracle.com
wrote:
On 7/1/2014 14:05, Brian Smith wrote:
I think, in parallel with that, we can figure out why so many sites are
still using TLS_ECDHE_*_WITH_RC4_* instead of TLS_ECDHE_*_WITH_AES* and
start the technical evangelism
On Wed, Jul 2, 2014 at 5:28 AM, Hubert Kario hka...@redhat.com wrote:
On 7/1/2014 14:05, Brian Smith wrote:
I think, in parallel with that, we can figure out why so many sites
are still using TLS_ECDHE_*_WITH_RC4_* instead of
TLS_ECDHE_*_WITH_AES* and start the technical evangelism
On Wed, Jul 2, 2014 at 5:08 AM, Hubert Kario hka...@redhat.com wrote:
Also, see Gavin's email here about adding such prefs in general. He
basically says, Don't do it. Note that Gavin is the Firefox module
owner:
https://groups.google.com/d/msg/mozilla.dev.platform/PL1tecuO0KA/e9BbmUAcRrwJ
On 2014-06-30 02:35, Hubert Kario wrote:
The benefits of ECDHE outweigh the risks of using RC4,
I have to disagree here. Even 1024 bit DHE requires a targeted attack at ~80 bit
complexity. Currently we see RC4 at around 56 bit, with a completely unoptimized
attack...
Do you have a reference
- Original Message -
From: Kurt Roeckx k...@roeckx.be
To: mozilla-dev-tech-cry...@lists.mozilla.org
Sent: Monday, 30 June, 2014 10:56:13 AM
Subject: Re: Road to RC4-free web (the case for YouTube without RC4)
On 2014-06-30 02:35, Hubert Kario wrote:
The benefits of ECDHE outweigh
- Original Message -
From: Brian Smith br...@briansmith.org
To: mozilla's crypto code discussion list
dev-tech-crypto@lists.mozilla.org
Sent: Monday, 30 June, 2014 12:23:41 AM
Subject: Re: Road to RC4-free web (the case for YouTube without RC4)
On Sun, Jun 29, 2014 at 11:18 AM
The number of sites that prefer RC4 while still supporting other ciphers are
very high (18.6% in June[1], effectively 21.3% for Firefox[6]) and not
changing much. The percent of servers that support only RC4 is steadily
dropping (1.771% in April[3], 1.194% in May[2], 0.985% in June[1]).
Because
26 matches
Mail list logo