L. Aaron Kaplan kap...@cert.at writes:
So, Peter, how about this approach?
Sorry about the delayed reply, too much other stuff on my plate at the
moment...
1. We will have three config options: cipher String A,B,C ( generic safe
config, maximum interoperability (== this also makes the mozilla
Hi Peter, hi list,
On Jan 16, 2014, at 1:13 PM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote:
L. Aaron Kaplan kap...@cert.at writes:
So, Peter, how about this approach?
Sorry about the delayed reply, too much other stuff on my plate at the
moment...
1. We will have three config
On 7/01/14 04:34 AM, Peter Gutmann wrote:
give users a choice: a
generic safe config (disable null, export ciphers, short keys, known-weak,
etc), a maximum-interoperability config (3DES and others), and a super-
paranoid config (AES-GCM-256, Curve25519, etc), with warnings that that's
going to
On Jan 7, 2014, at 2:34 AM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote:
L. Aaron Kaplan kap...@cert.at writes:
As a general observation, it also promotes the thinking that all we need to
do
is choose magic algorithm A instead of magic algorithm B and everything is
fixed.
No, if we
On Jan 7, 2014, at 11:24 AM, stef s...@ctrlc.hu wrote:
On Tue, Jan 07, 2014 at 11:18:45AM +0100, L. Aaron Kaplan wrote:
1. We will have three config options: cipher String A,B,C ( generic safe
config, maximum interoperability (== this also makes the mozilla people
happy then) and finally
On 7/01/14 13:18 PM, L. Aaron Kaplan wrote:
None if this is perfect yet of course. One of the very productive feedback
results was that we should make a HTML version.
A wiki... I would say.
1. We will have three config options: cipher String A,B,C ( generic safe
config, maximum
On Tue, Jan 07, 2014 at 11:39:42AM +0100, L. Aaron Kaplan wrote:
On Jan 7, 2014, at 11:24 AM, stef s...@ctrlc.hu wrote:
On Tue, Jan 07, 2014 at 11:18:45AM +0100, L. Aaron Kaplan wrote:
1. We will have three config options: cipher String A,B,C ( generic safe
config, maximum
Hi, *
Axel Hübl wrote:
I could not agree more.
Crazy C get's totally against the scope of this document: providing
_relyable_ crypto.
If someone reads that document and goes for see, they still list it as
compatible, provide it! the document lost it's main point.
I agree too. Sorry. But
L. Aaron Kaplan kap...@cert.at writes:
As a general observation, it also promotes the thinking that all we need to
do
is choose magic algorithm A instead of magic algorithm B and everything is
fixed.
No, if we created that impression then we failed.
The problem is that as you read through
Hi Peter,
Peter Gutmann wrote:
The problem is that as you read through the text you see, again and again, a
large amount of material telling you how to configure algorithms for OpenSSL
(and then to a lesser extent OpenSSH and others). It seems to be the
overriding theme throughout the
10 matches
Mail list logo
