On Fri, Jul 09, 2010 at 01:07:34PM -0500, Nicolas Williams wrote: > On Fri, Jul 09, 2010 at 10:40:01AM -0700, Bill Sommerfeld wrote: > > I'm told that folks evaluating cryptographic protocols generally > > prefer to see suites of algorithms defined together rather than > > allowing the user to arbitrarily mix and match; this generally > > reduces the number of possibilities to evaluate and also eliminates > > silly combinations where one algorithm is much weaker than the > > other. > > It... depends. > > For example, SSHv2 negotiates various algorithms separately and > concurrently:
Though for public key algorithms SSHv2 does NOT negotiate hash and public key algorithms separately. I can't think of any modern Internet protocol that does _that_. I'd strongly argue against negotiating signature and signature hash algorithm separately. Nico -- _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
