On Tue, Jan 07, 2014 at 11:39:42AM +0100, L. Aaron Kaplan wrote:
> 
> On Jan 7, 2014, at 11:24 AM, stef <[email protected]> wrote:
> 
> > On Tue, Jan 07, 2014 at 11:18:45AM +0100, L. Aaron Kaplan wrote:
> >>  1. We will have three config options: cipher String A, B, C (generic safe 
> >> config, maximum interoperability (== this also makes the mozilla people 
> >> happy then) and finally a super-hardened setting (with reduced 
> >> compatibility)).
> > 
> > lacking the context on 
> >> this also makes the mozilla people happy then
> 
> There were some discussions on the bettercrypto list regarding also 
> supporting Windows XP (which means RC4 or 3DES).

interesting sudden context switch from mozillans to microsoft-victims. a
distraction?

> And there was a very good argument that a *lot* of people still use XP and 
> for many sites it is not an option to exclude them. On the other hand, WinXP 
> is end of life. It's a hard choice....

for you it's an easy choice. your product's only feature is to provide
security, if you forfeit that feature for interoperability, then you have not
achieved anything. i'd start looking into who actually proposed that, and what
are his intelligence agency or corporate ties. this all sounds to me like the
banking crisis, too-big-to-fail, so let's do some security theater, but
otherwise leave all the downgrade attack paths open.

> So, I guess that was a really good reason and personally I don't see any 
> reason so far to assume:

you have not produced any argument - only a distraction - against that
assumption.

-- 
pgp: https://www.ctrlc.hu/~stef/stef.gpg
pgp fp: FD52 DABD 5224 7F9C 63C6  3C12 FC97 D29F CA05 57EF
otr fp: https://www.ctrlc.hu/~stef/otr.txt
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
