Re: [Ach] EDH/ECDH, AES128/AES256 - was: Secure E-Mail Transport based on DNSSec/TLSA/DANE

2015-11-03 Thread Terje Elde
> On 02 Nov 2015, at 21:24, Gunnar Haslinger wrote: > > >> The reasoning for camellia is AFAIR that it can be used as sane >> fallback if a flaw in AES is found. > > OK, point taken. > but i could easily enable it when such a Situation happens, and > hopefully AES

Re: [Ach] EDH/ECDH, AES128/AES256 - was: Secure E-Mail Transport based on DNSSec/TLSA/DANE

2015-11-03 Thread Gunnar Haslinger
Am 03.11.2015 um 21:41 schrieb Terje Elde: > ... Camellia > For systems I might not be responsible for in 5 years, I'd rather leave it in. Could be a good decision or not, depending on how things come. Maybe Camellia turns out to be broken earlier than AES. Then you have to touch the

Re: [Ach] EDH/ECDH, AES128/AES256 - was: Secure E-Mail Transport based on DNSSec/TLSA/DANE

2015-11-02 Thread L. Aaron Kaplan
> On 03 Nov 2015, at 07:57, Gunnar Haslinger wrote: > > Am 2015-11-03 00:38, schrieb Aaron Zauner: >> Nevertheless I feel the same way, AES128 should be preferred; >> and that exactly what we're doing with the latest version of >> our bettercrypto cipherstring

Re: [Ach] EDH/ECDH, AES128/AES256 - was: Secure E-Mail Transport based on DNSSec/TLSA/DANE

2015-11-02 Thread Aaron Zauner
* Gunnar Haslinger [02/11/2015 21:25:03] wrote: > I don't know what lead to preferring EDH against ECDH in detail - maybe > some "Risk" that ECDH is not so well known / researched compared to EDH? > As nowadays DH with only 1024bit is not suitable any more and DH with >

Re: [Ach] EDH/ECDH, AES128/AES256 - was: Secure E-Mail Transport based on DNSSec/TLSA/DANE

2015-11-02 Thread Aaron Zauner
* Aaron Zauner [03/11/2015 00:38:45] wrote: > Internet Draft: > https://datatracker.ietf.org/doc/draft-zauner-tls-aes-ocb/ > > IPR: MUA broke some URLs, that's the correct one for the IPR declarations: https://datatracker.ietf.org/ipr/search/?submit=draft=draft-zauner-tls-aes-ocb