On Fri, Oct 4, 2013 at 4:58 PM, Jeffrey Goldberg <jeff...@goldmark.org> wrote:
> On 2013-10-04, at 4:24 AM, Alan Braggins <alan.bragg...@gmail.com> wrote:
>
>> Surely that's precisely because they (and SSL/TLS generally) _don't_
>> have a One True Suite, they have a "pick a suite, any suite" approach?
>
> And for those of us having to choose between preferring BEAST and RC4
> for our webservers, it doesn’t look like we are really seeing the expected
> benefits of “negotiate a suite”.  I’m not trying to use this to condemn the
> approach; it’s a single example. But it’s a BIG single example.

That's because so many ciphersuites shared the same damned problems.

When we went through the chained CBC problems in SSHv2, at least we had
CTR modes to fall back on.

There's a lesson here.  I'll make it two for now:

a) algorithm agility *does* matter; those who say it's ETOOHARD should
do some penitence;

b) algorithm agility is useless if you don't have algorithms to choose
from, or if the ones you have are all in the same "family".

Nico
--
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
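The two lessons above (agility matters, but only with algorithms outside the broken "family" to choose from) can be made concrete with a small negotiation model. This is an added example, not code from the thread or from any TLS or SSH implementation: the suite lists are constructed for illustration, the server-preference selection is a simplification of what real stacks do, and sorting a suite into a "family" by substring of its name is a deliberately crude classification (BEAST, for instance, only applies to CBC under TLS 1.0, which the name alone does not tell you).

```python
from typing import Iterable, List, Optional, Set

# Constructed suite lists (not taken from any real server config):
# a 2013-era TLS server whose only choices were CBC suites or RC4,
# and an SSHv2 server that offers CTR modes next to the chained-CBC ones.
TLS_2013_SERVER = [
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
]
TLS_2013_CLIENT = list(TLS_2013_SERVER)
TLS_GCM_SUITE = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
SSH_SERVER = ["aes128-cbc", "3des-cbc", "aes128-ctr", "aes256-ctr"]
SSH_CLIENT = ["aes256-ctr", "aes128-ctr", "aes128-cbc"]

# The families the October 2013 discussion is about: BEAST hits CBC under
# TLS 1.0, the keystream biases hit RC4. Membership is decided from the
# suite name alone, which is an assumption of this model, not a rule.
BROKEN_2013: Set[str] = {"cbc", "rc4"}


def family(suite: str) -> str:
    """Classify an IANA-style TLS suite name or an SSH cipher name by the
    symmetric construction it uses, since a break usually applies to the
    construction rather than to one suite."""
    s = suite.lower()
    if "rc4" in s or "arcfour" in s:
        return "rc4"
    if "cbc" in s:
        return "cbc"
    if "gcm" in s or "ctr" in s or "chacha20" in s or "poly1305" in s:
        return "aead-or-ctr"
    return "other"


def survivors(suites: Iterable[str], broken: Set[str]) -> List[str]:
    """Suites left in a list once every broken family is struck out."""
    return [s for s in suites if family(s) not in broken]


def negotiate(client_offer: Iterable[str], server_prefs: Iterable[str],
              broken: Set[str]) -> Optional[str]:
    """Server-preference negotiation: the first suite in the server's order
    that the client also offered and whose family is not broken.
    None means agility bought nothing: every mutually supported suite
    sits in a broken family."""
    offered = set(client_offer)
    for suite in server_prefs:
        if suite in offered and family(suite) not in broken:
            return suite
    return None


if __name__ == "__main__":
    # The 2013 web server: CBC or RC4, nothing else to pick.
    print(negotiate(TLS_2013_CLIENT, TLS_2013_SERVER, BROKEN_2013))
    # SSHv2 with CTR on the list: negotiation still has somewhere to go.
    print(negotiate(SSH_CLIENT, SSH_SERVER, BROKEN_2013))
    # The same TLS server after adding one suite from a different family.
    print(negotiate([TLS_GCM_SUITE] + TLS_2013_CLIENT,
                    [TLS_GCM_SUITE] + TLS_2013_SERVER, BROKEN_2013))
```

With the broken set empty, `negotiate` simply returns the server's top preference; with `{"cbc", "rc4"}` the 2013 TLS lists yield `None` while the SSH lists still land on `aes128-ctr`. The check worth running against a real configuration is `survivors`: if it comes back empty for a plausible broken set, the "pick a suite, any suite" design is not protecting you.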
