Re: [cryptography] [Cryptography] TLS2

2013-09-30 Thread Adam Back
On Mon, Sep 30, 2013 at 11:49:49AM +0300, ianG wrote: On 30/09/13 11:02 AM, Adam Back wrote: no ASN.1, and no X.509 [...], encrypt and then MAC only, no non-forward secret ciphersuites, no baked in key length limits [...] support soft-hosting [...] Add TOFO for self-signed keys. Personally,

Re: [cryptography] [Cryptography] TLS2

2013-09-30 Thread Ben Laurie
On 30 September 2013 10:47, Adam Back a...@cypherspace.org wrote: I think lack of soft-hosting support in TLS was a mistake - it's another reason not to turn on SSL (IPv4 addresses are scarce and can only host one SSL domain per IP#, that means it costs more, or a small hosting company can

Re: [cryptography] [Cryptography] TLS2

2013-09-30 Thread Ralph Holz
Hi Ben, Boy, are you out of date: http://en.wikipedia.org/wiki/Server_Name_Indication. I am not so sure many servers support it, though. My latest data, unfortunately, is not evaluated yet. But in 2011 the difference between switching on SNI and connecting without it was pretty meagre across

Re: [cryptography] [Cryptography] TLS2

2013-09-30 Thread Tom Ritter
On 30 September 2013 07:07, Ralph Holz h...@net.in.tum.de wrote: Hi Ben, Boy, are you out of date: http://en.wikipedia.org/wiki/Server_Name_Indication. I am not so sure many servers support it, though. My latest data, unfortunately, is not evaluated yet. But in 2011 the difference between

Re: [cryptography] [Cryptography] TLS2

2013-09-30 Thread Ralph Holz
Hi, I am not so sure many servers support it, though. My latest data, unfortunately, is not evaluated yet. But in 2011 the difference between switching on SNI and connecting without it was pretty meagre across the Alexa range. Granted, many of those hosts may not be VHosts. Does Google

Re: [cryptography] [Cryptography] TLS2

2013-09-30 Thread Wasa
On 30/09/13 10:47, Adam Back wrote: Well clearly passwords are bad and near the end of their life-time with GPU advances, and even amplified password authenticated key exchanges like EKE have a (so far) unavoidable design requirement to have the server store something offline grindable, which