At Sat, 24 Jan 2009 14:55:15 +1300,
Peter Gutmann wrote:
> >Yes, the changes between TLS 1.1 and TLS 1.2 are about as big as those
> >between SSL and TLS. I'm not particularly happy about that either, but it's
> >what we felt was necessary to do a principled job.
>
> It may have been a nicely prin
On Sat, Jan 24, 2009 at 2:36 AM, Victor Duchovni
wrote:
> You seem to be out of touch I am afraid. Just look at what many O/S
> distributions do. They adopt a new OpenSSL 0.9.Xy release from time to
> time (for some initial "y") and back-port security fixes never changing
> the letter. One can't a
Eric Rescorla writes:
>At Tue, 20 Jan 2009 17:57:09 +1300, Peter Gutmann wrote:
>> "Steven M. Bellovin" writes:
>>
>> >So -- who supports TLS 1.2?
>>
>> Not a lot, I think. The problem with 1.2 is that it introduces a pile of
>> totally gratuitous incompatible changes to the protocol that requir
At Tue, 20 Jan 2009 17:57:09 +1300,
Peter Gutmann wrote:
>
> "Steven M. Bellovin" writes:
>
> >So -- who supports TLS 1.2?
>
> Not a lot, I think. The problem with 1.2 is that it introduces a pile of
> totally gratuitous incompatible changes to the protocol that require quite a
> bit of effort
On Fri, Jan 23, 2009 at 04:01:50PM +1100, Ben Laurie wrote:
> > I really hope to see
> > real OpenSSL patch releases some day with development of new features
> > *strictly* in the development snapshots. Ideally this will start with
> > 0.9.9a, with no new features, just bug-fixes, in [b-z]. ]
>
On Tue, Jan 20, 2009 at 5:14 AM, Victor Duchovni
wrote:
> On Mon, Jan 19, 2009 at 10:45:55AM +0100, Bodo Moeller wrote:
>
>> The RFC does exit (TLS 1.2 in RFC 5246 from August 2008 makes SHA-256
>> mandatory), so you can send a SHA-256 certificate to clients that
>> indicate they support TLS 1.2 o
Jon Callas writes:
>I've always been pleased with your answer to Question J, so I'll say what
>we're doing at PGP.
That wasn't really meant as a compliment :-). The problem is that by leaping
on things the instant they appear you end up having to support a menagerie of
wierdo algorithms and mec
On Mon, Jan 19, 2009 at 01:38:02PM +, Darren J Moffat wrote:
> I don't think it depends at all on who you trust but on what algorithms
> are available in the protocols you need to use to run your business or
> use the apps important to you for some other reason. It also very much
> depends
I have a general outline of a timeline for adoption of new crypto
mechanisms (e.g. OAEP, PSS, that sort of thing, and not specifically
algorithms) in my Crypto Gardening Guide and Planting Tips, http://www.cs.auckland.ac.nz/~pgut001/pubs/crypto_guide.txt
, see "Question J" about 2/3 of the way
"Steven M. Bellovin" writes:
>So -- who supports TLS 1.2?
Not a lot, I think. The problem with 1.2 is that it introduces a pile of
totally gratuitous incompatible changes to the protocol that require quite a
bit of effort to implement (TLS 1.1 -> 1.2 is at least as big a step, if not a
bigger s
On Mon, 19 Jan 2009 10:45:55 +0100
Bodo Moeller wrote:
> On Sat, Jan 17, 2009 at 5:24 PM, Steven M. Bellovin
> wrote:
>
> > I've mentioned it before, but I'll point to the paper Eric Rescorla
> > wrote a few years ago:
> > http://www.cs.columbia.edu/~smb/papers/new-hash.ps or
> > http://www.cs.
On Mon, Jan 19, 2009 at 10:45:55AM +0100, Bodo Moeller wrote:
> The RFC does exit (TLS 1.2 in RFC 5246 from August 2008 makes SHA-256
> mandatory), so you can send a SHA-256 certificate to clients that
> indicate they support TLS 1.2 or later. You'd still need some other
> certificate for interop
At 1:38 PM + 1/19/09, Darren J Moffat wrote:
>Can you state the assumptions for why you think that moving to SHA384 would be
>safe if SHA256 was considered vulnerable in some way please.
Sure. I need 128 bits of pre-image protection for, say, a digital signature.
SHA2/256 is giving me that.
Paul Hoffman wrote:
At 12:24 PM +0100 1/12/09, Weger, B.M.M. de wrote:
When in 2012 the winner of the
NIST SHA-3 competition will be known, and everybody will start
using it (so that according to Peter's estimates, by 2018 half
of the implementations actually uses it), do we then have enough
red
On Sat, Jan 17, 2009 at 5:24 PM, Steven M. Bellovin
wrote:
> I've mentioned it before, but I'll point to the paper Eric Rescorla
> wrote a few years ago:
> http://www.cs.columbia.edu/~smb/papers/new-hash.ps or
> http://www.cs.columbia.edu/~smb/papers/new-hash.pdf . The bottom line:
> if you're
At 12:24 PM +0100 1/12/09, Weger, B.M.M. de wrote:
>When in 2012 the winner of the
>NIST SHA-3 competition will be known, and everybody will start
>using it (so that according to Peter's estimates, by 2018 half
>of the implementations actually uses it), do we then have enough
>redundancy?
No offen
On Mon, 12 Jan 2009 16:05:08 +1300
pgut...@cs.auckland.ac.nz (Peter Gutmann) wrote:
> "Weger, B.M.M. de" writes:
>
> >> Bottom line, anyone fielding a SHA-2 cert today is not going=20
> >> to be happy with their costly pile of bits.
> >
> >Will this situation have changed by the end of 2010 (tha
Weger, B.M.M. de wrote:
> In my view, the main lesson that the information security community,
> and in particular its intersection with the application building
> community, has to learn from the recent MD5 and SHA-1 history,
> is that strategies for dealing with broken crypto need rethinking.
Hi Peter,
> I have a general outline of a timeline for adoption of new
> crypto mechanisms
> (e.g. OAEP, PSS, that sort of thing, and not specifically
> algorithms) in my
> Crypto Gardening Guide and Planting Tips,
> http://www.cs.auckland.ac.nz/~pgut001/pubs/crypto_guide.txt,
> see "Question J
"Weger, B.M.M. de" writes:
>> Bottom line, anyone fielding a SHA-2 cert today is not going=20
>> to be happy with their costly pile of bits.
>
>Will this situation have changed by the end of 2010 (that's next year, by the
>way), when everybody who takes NIST seriously will have to switch to SHA-2
Victor Duchovni wrote:
> There is a huge install-base of systems on which SHA-2
> certs will failed SSL handshakes. When Windows XP
> systems are <1% of the install-base, when OpenSSL
> 0.9.8 is <1% of the install-base and 0.9.9 too (if the
> support is not added before it goes official)
It is no
On Sat, Jan 10, 2009 at 11:32:44PM +0100, Weger, B.M.M. de wrote:
> Hi Victor,
>
> > Bottom line, anyone fielding a SHA-2 cert today is not going
> > to be happy with their costly pile of bits.
>
> Will this situation have changed by the end of 2010 (that's
> next year, by the way), when everyb
Hi Victor,
> Bottom line, anyone fielding a SHA-2 cert today is not going
> to be happy with their costly pile of bits.
Will this situation have changed by the end of 2010 (that's
next year, by the way), when everybody who takes NIST seriously
will have to switch to SHA-2? The first weakness sh
On Thu, Jan 08, 2009 at 06:23:47PM -0600, Dustin D. Trammell wrote:
> Nearly everything I've seen regarding the proposed solutions to this
> attack have involved migration to SHA-1. SHA-1 is scheduled to be
> decertified by NIST in 2010, and NIST has already recommended[1] moving
> away from SHA-
On Tue, 2008-12-30 at 11:51 -0800, "Hal Finney" wrote:
> Therefore the highest priority should be for the six bad CAs to change
> their procedures, at least start using random serial numbers and move
> rapidly to SHA1. As long as this happens before Eurocrypt or whenever
> the results end up being
25 matches
Mail list logo
