Re: Road to RC4-free web (the case for YouTube without RC4)

On 2014-06-30 02:35, Hubert Kario wrote: The benefits of ECDHE outweigh the risks of using RC4, I have to disagree here. Even 1024 bit DHE requires a targeted attack at ~80 bit complexity. Currently we see RC4 at around 56 bit, with a completely unoptimized attack... Do you have a reference

Re: Intent to unimplement: proprietary window.crypto functions/properties

On Fri, Jun 27, 2014 at 6:32 PM, Brian Smith br...@briansmith.org wrote: Hi The issue is that the WebCrypto API uses a totally separate keystore from the X.509 client certificate keystore (if it doesn't, it should be), and the stuff that Red Hat does is about client certificates. AFAICT,

Re: Road to RC4-free web (the case for YouTube without RC4)

- Original Message - From: Kurt Roeckx k...@roeckx.be To: mozilla-dev-tech-cry...@lists.mozilla.org Sent: Monday, 30 June, 2014 10:56:13 AM Subject: Re: Road to RC4-free web (the case for YouTube without RC4) On 2014-06-30 02:35, Hubert Kario wrote: The benefits of ECDHE outweigh

Re: Intent to unimplement: proprietary window.crypto functions/properties

Am 27.06.2014 18:32, schrieb Brian Smith: However, I think that is a good idea anyway, because Firefox (and Thunderbird) should be using the native OS for client certificates and S/MIME certificates anyway. Additionally or exclusive? When I think of using smartcard-based client certificates

Re: Road to RC4-free web (the case for YouTube without RC4)

- Original Message - From: Brian Smith br...@briansmith.org To: mozilla's crypto code discussion list dev-tech-crypto@lists.mozilla.org Sent: Monday, 30 June, 2014 12:23:41 AM Subject: Re: Road to RC4-free web (the case for YouTube without RC4) On Sun, Jun 29, 2014 at 11:18 AM,