Hi,

On 09/07/2013 12:50 AM, Peter Gutmann wrote:
>> But for right now, what options do we have that are actually implemented
>> somewhere? Take SSL. CBC mode has come under pressure for SSL (CRIME, BEAST,
>> etc.), and I don't see any move towards TLS > 1.0.
>
> http://tools.ietf.org/html/draft-gutmann-tls-encrypt-then-mac-02 fixes all of
> these, I just can't get any traction on it from the TLS WG chairs. Maybe

Exactly, precious little movement on that front. Sadly.

BTW, I do not really agree with your argument that it should be done via a TLS extension. I think faster progress could be made by simply introducing new allowed cipher suites and letting the servers advertise them and clients accept them - this possibly means bypassing the IETF entirely. Or, to keep them in, do it in TLS 1.3. But do it fast, before people start using TLS 1.2.

I don't really see the explosion of cipher suite sets you give as a motivation - e.g. in SSH, where really no-one seems to use the standards, we have a total of 144 or so cipher suites found in our scans. Yet the thing works, because clients will just ignore the weird ones. It should be possible in SSL, too, unless openssl/gnutls/nss barfs at an unexpected suite name - but I don't think so.

Ralph
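The encrypt-then-MAC record construction the draft proposes, as an added example in Go (not code from the draft, from this list post, or from openssl/gnutls/nss): the MAC is computed over the record header and the ciphertext, so the receiver checks the tag before it decrypts or looks at CBC padding at all. The keys, the IV, the 13-byte header layout (seq_num, type, version, length) and the choice of AES-128-CBC with HMAC-SHA256 are assumptions made for the demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
)
// Constructed demo keys; a real TLS stack derives these from the handshake.
var encKey = []byte("0123456789abcdef")         // AES-128 key (constructed)
var macKey = []byte("constructed-demo-mac-key") // HMAC-SHA256 key (constructed)

// tag is HMAC over seq_num || type || version || length || ciphertext (assumed
// layout); binding the ciphertext is what lets the receiver verify first.
func tag(seq uint64, typ byte, ver uint16, ct []byte) []byte {
	h := append(make([]byte, 8, 13), typ, byte(ver>>8), byte(ver), byte(len(ct)>>8), byte(len(ct)))
	binary.BigEndian.PutUint64(h, seq) // first 8 bytes: 64-bit sequence number
	m := hmac.New(sha256.New, macKey)
	m.Write(append(h, ct...))
	return m.Sum(nil)
}

// Seal pads TLS-style (padLen+1 bytes of value padLen), CBC-encrypts, then
// appends the MAC of the ciphertext: the record is ciphertext || tag.
func Seal(seq uint64, typ byte, ver uint16, iv, plaintext []byte) []byte {
	block, _ := aes.NewCipher(encKey)
	padLen := (aes.BlockSize - (len(plaintext)+1)%aes.BlockSize) % aes.BlockSize
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(padLen)}, padLen+1)...)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	return append(ct, tag(seq, typ, ver, ct)...)
}

// Open verifies the MAC before decrypting, so a tampered record is rejected
// before the CBC padding is ever examined; ok=false means "reject".
func Open(seq uint64, typ byte, ver uint16, iv, record []byte) (pt []byte, ok bool) {
	n := len(record) - sha256.Size
	if n < aes.BlockSize || n%aes.BlockSize != 0 || !hmac.Equal(record[n:], tag(seq, typ, ver, record[:n])) {
		return nil, false
	}
	block, _ := aes.NewCipher(encKey)
	pt = make([]byte, n)
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, record[:n])
	padLen := int(pt[n-1])
	if padLen >= n || !bytes.Equal(pt[n-padLen-1:], bytes.Repeat([]byte{byte(padLen)}, padLen+1)) {
		return nil, false // unreachable for an authentic record
	}
	return pt[:n-padLen-1], true
}
```

Compare this with MAC-then-encrypt, where the receiver has to decrypt and parse the padding before it can check anything, which is the step the CBC attacks exploit.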
