s I understand it from
reading the list. Myself, I am currently still undecided on the issue
but tend slightly towards ECDHE for now -- with any luck, the BCP won't
be ready until we have some more data on the issue.
Ralph
--
Ralph Holz
I8 - Network Architectures and Services
Technische Un
Hi,
>> BTW, I do not really agree with your argument it should be done via TLS
>> extension.
>
> It's done that way based on discussions on (and mostly off) the TLS list by
> various implementers, that was the one that caused the least dissent.
I've followed that list for a while. What I find we
Hi,
On 09/07/2013 12:50 AM, Peter Gutmann wrote:
>> But for right now, what options do we have that are actually implemented
>> somewhere? Take SSL. CBC mode has come under pressure for SSL (CRIME, BEAST,
>> etc.), and I don't see any move towards TLS > 1.0.
>
> http://tools.ietf.org/html/draft-
Hi,
>>> It would be good to see them abandon RC4 of course, and soon.
>>
>> In favour of what, exactly? We're out of good ciphersuites.
>
> I thought AES was okay for TLS 1.2? Isn't the issue simply that
> Firefox etc. still use TLS 1.0? Note that this was a TLS 1.2
> connection.
Firefox has add
Hi,
> Same here. AES is, as far as we know, pretty secure, so any problems are
> going to arise in how AES is used. AES-CBC wrapped in HMAC is about as solid
> as you can get. AES-GCM is a design or coding accident waiting to happen.
But for right now, what options do we have that are actually
Hi,
>> There is a host of older literature, too - P2P research, however, has become
>> a cold topic. Although I expect that it will see a revival in the face of
>> surveillance.
>
> For people who are interested, the list I have (for a year or two back) is:
[list]
I would like to add the follow
erature, too - P2P research, however, has
become a cold topic. Although I expect that it will see a revival in the
face of surveillance.
Ralph
--
Ralph Holz
I8 - Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/
se whether you want info about DHT systems that are
related to some kind of mix system (e.g. GNUnet), or whether you simply
want to know about common DHT systems. If the latter, what kind of
attacks are you after? Eclipse?
Ralph
--
Ralph Holz
I8 - Network Architectures and Services
Technische
Hi,
> Eckersley's and Burns' presentation at Defcon (coming right up) will present
> their findings from a global survey of certs presented by hosts listening on
> port 443. Their results are disturbing.
Have these results already been published somewhere, or do you maybe
even have a URL?
Ralph
Dear all,
A colleague dropped in yesterday and confronted me with the following.
He wanted to scrape off some additional bits when using AES-CBC because
the messages in his concept are very short (a few hundred bits). So he
was thinking about a variant of AES-CBC, where he uses just 32 (random)
bi