On 11/25/2015 02:01 PM, April King wrote:
My colleague Julien Vehent and I are in the process of updating the Mozilla Server Side TLS documentation:
I've always found the 128 bit prioritized over 256 a silly recommendation, I support reordering.
The general consensus was to bring the conversation to the dev.tech.crypto group prior to updating the standards either way. There hasn't been any claim that AES-128 is actually broken, but the idea behind the Modern guidelines is to stay ahead of the cryptographic research curve. One thing to keep in mind is that the Modern guidelines are intended for modern systems that don't require any kind of backwards compatibility or necessarily need to be friendly towards old, underpowered systems (such older smartphones).For reference, this is the current state of preference order for the four major browser manufacturers: Firefox: AES-128-GCM > AES-256-CBC > AES-256-CBC (doesn't include AES-256-GCM in list of cipher suites) Chrome: AES-128-GCM > AES-256-CBC > AES-128-CBC (also does not request AES-256-GCM)Safari: AES-256-GCM > AES-128-GCM > AES-256-CBC > AES-128-CBC Edge: AES-256-GCM > AES-128-GCM > AES-256-CBC > AES-128-CBC Proposal for Modern: AES-256-GCM > AES-128-GCM > AES-256-CBC > AES-128-CBCIf the general agreement is to move Modern to AES-256, it may also be worthwhile considering whether or when we move that recommendation down to the Intermediate level, which is intended for general purpose websites that don't have a need for backwards compatibility with very old clients (such as IE6/Win XP SP2).
Description: S/MIME Cryptographic Signature
-- dev-tech-crypto mailing list email@example.com https://lists.mozilla.org/listinfo/dev-tech-crypto