On 1/10/11 22:11 PM, William Allen Simpson wrote:
I started reading this thread, and then left it alone, and am catching
up.
It's hard to know where to start, so changing the subject a little.
:)
On 9/20/11 12:51 PM, ianG wrote:
On 20/09/11 01:53 AM, Andy Steingruebl wrote:
SSH doesn't
On 10/02/2011 03:38 AM, Peter Gutmann wrote:
Sandy Harrissandyinch...@gmail.com writes:
What on Earth were the arguments against it? I'd have thought PFS was a
complete no-brainer.
Two things, it's computationally very expensive, and most people have no idea
what PFS is.
There's been one
At the risk of feeding the conspiracy angle, I note that there is only one
stream cipher for SSL/TLS (RC4). All the others in common use are CBC modes,
with that same predictable IV weakness as IPsec (i.e. BEAST). There are no
DHE cipher suites defined for RC4. So if you want PFS, you have
Come on. This discussion has descended past whacko, which is where it went
once the broken by design discussion started.
Quite. I had to point someone at some of these threads today; when it came to
this part, I alluded to black helicopters.
--Steve Bellovin,
Come on. This discussion has descended past whacko, which is where it went once the
broken by design discussion started.
On 2011-10-04 9:18 AM, Steven Bellovin wrote:
Quite. I had to point someone at some of these threads today; when it came to
this part, I alluded to black helicopters.