Hi, Terje Elde wrote: > Or to try to sum it up, if you support both (Camellia only at end of list), > then: > > If neither cipher nor implementations has a problem, you’re fine. > If AES has a problem, you’ll fall back to Camellia if either server or client > disables AES. > If Camellia has a problem, you’re fine, because you’ll use AES. > If both has a problem, you’re still better off, because either your or > browsers can steer things towards the “least broken”. >
Oh well, the next mailing list where I have to defend the idea of removing CAMELLIA (there's ongoing discussion about this on the IETF OpenPGP list as well). My impression is that AES has seen /far/ more cryptanalysis than CAMELLIA, especially in the last couple of years I've barely seen any papers on CAMELLIA - we should rather recommend ciphers that researchers have interest in attacking - otherwise there might be some 'secret knowledge' (imagine some Nation State Agency, employing a ton of mathematicians for example) about cryptanalysis of a certain cipher. Aaron
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Ach mailing list [email protected] http://lists.cert.at/cgi-bin/mailman/listinfo/ach
