Am Montag, 3. Februar 2014 22:50:38 UTC+1 schrieb Chris Newman:
As a non-Firefox/non-HTTP consumer of NSS, I'd like to see an NSS API flag
indicating a cipher suite is retained for backwards compatibility but
considered inferior by cryptographic community standards at the time the
NSS
Hi folks,
there is consensus that some algorithms/ciphers (e.g. RC4) allowed by default
should not be considered secure, though because of interop issues, they cannot
be removed at this point.
The problem with this is that people may think they are using a secure
connection while in fact,
As a non-Firefox/non-HTTP consumer of NSS, I'd like to see an NSS API flag
indicating a cipher suite is retained for backwards compatibility but
considered inferior by cryptographic community standards at the time the
NSS library was built.
A. is unacceptable because it breaks copy/paste of
On Monday, January 27, 2014 4:35:34 PM UTC-7, Brian Smith wrote:
On Mon, Jan 27, 2014 at 10:49 AM, ripber...@aol.com wrote:
On Monday, January 27, 2014 10:52:44 AM UTC-7, Brian Smith wrote:
On Mon, Jan 27, 2014 at 9:26 AM, ripber...@aol.com wrote:
Thanks much Brian and Alan for the
On 2014-01-27 02:43, ripber...@aol.com wrote:
Hi,
So I didn't get to the bottom of this thread because some of it is 'loading'
I really recommend that you do read all the messages. All of this has
been discussed in various thread both here and on other lists.
Encryption:
AES-256
On Monday, January 27, 2014 6:19:42 AM UTC-7, Kurt Roeckx wrote:
I really recommend that you do read all the messages. All of this has
been discussed in various thread both here and on other lists.
Ok - I will try (but it will be after this post).
Other recommendations don't not
On Mon, Jan 27, 2014 at 9:26 AM, ripber...@aol.com wrote:
On Monday, January 27, 2014 6:19:42 AM UTC-7, Kurt Roeckx wrote:
2) NIST is a US government standards board that drives a lot of compliance
regulation. There are companies what will want to be able show that they
are NIST
On Mon, Jan 27, 2014 at 09:26:20AM -0800, ripber...@aol.com wrote:
2) NIST is a US government standards board that drives a lot of compliance
regulation. There are companies what will want to be able show that they
are NIST compliant.
I'm sure it is important to some. But I
On Monday, January 27, 2014 10:52:44 AM UTC-7, Brian Smith wrote:
On Mon, Jan 27, 2014 at 9:26 AM, ripber...@aol.com wrote:
On Monday, January 27, 2014 6:19:42 AM UTC-7, Kurt Roeckx wrote:
2) NIST is a US government standards board that drives a lot of compliance
regulation.
On 27/01/14 17:26, ripber...@aol.com wrote:
2) NIST is a US government standards board that drives a lot of compliance
regulation. There are companies what will want to be able show that they
are NIST compliant. The standard at this point does NOT allow you to
use Camellia.
On Mon, Jan 27, 2014 at 10:49 AM, ripber...@aol.com wrote:
On Monday, January 27, 2014 10:52:44 AM UTC-7, Brian Smith wrote:
On Mon, Jan 27, 2014 at 9:26 AM, ripber...@aol.com wrote:
I can't speak for FF - and I've certainly read enough standards to say
that there are too many standards. I
Hi,
So I didn't get to the bottom of this thread because some of it is 'loading'
but I didn't see any mention of NIST 800-131a in all the posts I saw.
This standard (along with NIST 800-57 Part 1) provides information about
security strength and what is required. Basically NIST is saying you
On Sunday, January 26, 2014 6:25:58 PM UTC-7, ripb...@aol.com wrote:
Hi,
So I didn't get to the bottom of this thread because some of it is 'loading'
but I didn't see any mention of NIST 800-131a in all the posts I saw.
This standard (along with NIST 800-57 Part 1) provides
Hi,
So I didn't get to the bottom of this thread because some of it is 'loading'
but I didn't see any mention of NIST 800-131a in all the posts I saw.
This standard (along with NIST 800-57 Part 1) provides information about
security strength and what is required. Basically NIST is saying you
On Thu, Jan 09, 2014 at 12:59:40PM -0500, Julien Vehent wrote:
I started a scan of Alexa's top 1 million websites. It's going to
take a few days to have all the results.
So far, 21 out of 1396 websites scanned support neither AES or 3DES.
I'm about half way through the scan, but it's unlikely
On Fri, Jan 10, 2014 at 08:11:02PM -0500, Julien Vehent wrote:
On Thu, Jan 09, 2014 at 12:59:40PM -0500, Julien Vehent wrote:
I started a scan of Alexa's top 1 million websites. It's going to
take a few days to have all the results.
So far, 21 out of 1396 websites scanned support neither AES
On 2013-12-15 02:41, Brian Smith wrote:
On Sat, Dec 14, 2013 at 4:47 PM, Kosuke Kaizuka cai.0...@gmail.com wrote:
little supported, never negotiated cipher
One of the largest websites which support Camellia is Yahoo!.
Firefox 26 or lower use TLS_RSA_WITH_CAMELLIA_256_CBC_SHA with Yahoo!.
On 2014-01-09 06:41, Kurt Roeckx wrote:
I'm considering if we should also drop support for RC4 on the client side.
At least IE11 on windows 8.1 doesn't do RC4, but does do 3DES.
I started a scan of Alexa's top 1 million websites. It's going to take a few
days to have all the results.
So far,
On Thu, Jan 09, 2014 at 12:59:40PM -0500, Julien Vehent wrote:
On 2014-01-09 06:41, Kurt Roeckx wrote:
I'm considering if we should also drop support for RC4 on the
client side. At least IE11 on windows 8.1 doesn't do RC4, but does
do 3DES.
I started a scan of Alexa's top 1 million
On 2013-12-29 18:30, Kurt Roeckx wrote:
On Sun, Dec 15, 2013 at 11:22:32AM -0500, Julien Vehent wrote:
For the same reason, the server ciphersuite that we recommend at
https://wiki.mozilla.org/Security/Server_Side_TLS
does not drop Camellia, but lists it at the bottom of the ciphersuite.
It's a
On Sun, Dec 15, 2013 at 11:22:32AM -0500, Julien Vehent wrote:
For the same reason, the server ciphersuite that we recommend at
https://wiki.mozilla.org/Security/Server_Side_TLS
does not drop Camellia, but lists it at the bottom of the ciphersuite.
It's a safe choice, but not one that we
On Sat, Dec 14, 2013 at 05:41:55PM -0800, Brian Smith wrote:
Fx26Fx27 Change Cipher Suite
0.00% 14.15% +14.15% TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (new)
0.00% 8.30% +8.30% TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (new)
Are you sure you didn't switch those 2? At least your
On 2013-12-14 19:47, Kosuke Kaizuka wrote:
Camellia is widely reviewed and chosen as a recommended cipher by
several independent committees.
If CAMELLIA_CBC is dropped by security reason, AES_CBC should be also
dropped.
There is another reason to drop CAMELLIA: AES with AES-NI is 8 times
On 2013-12-15 11:13, Kurt Roeckx wrote:
On Sun, Dec 15, 2013 at 10:46:04AM -0500, Julien Vehent wrote:
On 2013-12-14 19:47, Kosuke Kaizuka wrote:
Camellia is widely reviewed and chosen as a recommended cipher by
several independent committees.
If CAMELLIA_CBC is dropped by security reason,
On Sun, Dec 15, 2013 at 11:22:32AM -0500, Julien Vehent wrote:
On 2013-12-15 11:13, Kurt Roeckx wrote:
On Sun, Dec 15, 2013 at 10:46:04AM -0500, Julien Vehent wrote:
On 2013-12-14 19:47, Kosuke Kaizuka wrote:
Camellia is widely reviewed and chosen as a recommended cipher by
several
On Sun, Dec 15, 2013 at 8:46 AM, Kurt Roeckx k...@roeckx.be wrote:
But some people are also considering disabling it by default,
as I think all other where talking in this thread, not just
reduce the preference.
For the same reason, the server ciphersuite that we recommend at
On Fri, Dec 13, 2013 at 10:48 PM, marlene.pr...@hushmail.com wrote:
I present a proposal to remove some vulnerable/deprecated/legacy TLS
ciphersuits from Firefox. I am not proposing addition of any new
ciphersuits, changing of priority order, protocol removal, or any other
changes in
27 matches
Mail list logo