On 09/07/2013 12:50 AM, Peter Gutmann wrote:

>> But for right now, what options do we have that are actually implemented
>> somewhere? Take SSL. CBC mode has come under pressure for SSL (CRIME, BEAST,
>> etc.), and I don't see any move towards TLS > 1.0.
> http://tools.ietf.org/html/draft-gutmann-tls-encrypt-then-mac-02 fixes all of
> these, I just can't get any traction on it from the TLS WG chairs.  Maybe

Exactly, precious little movement on that front. Sadly.

BTW, I do not really agree with your argument it should be done via TLS
extension. I think faster progress could be made by simply introducing
new allowed cipher suites and letting the servers advertise them and
client accept them - this possibly means bypassing IETF entirely. Or, to
keep them in, do it in TLS 1.3. But do it fast, before people start
using TLS 1.2.

I don't really see the explosion of cipher suite sets you give as a
motivation - e.g. in SSH, where really no-one seems to use the
standards, we have a total of 144 or so cipher suites found in our
scans. Yet the thing works, because clients will just ignore the weird
ones. It should be possible in SSL, too, unless openssl/gnutls/nss barfs
at an unexpected suite name - but I don't think so.


The cryptography mailing list

Reply via email to