Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-02-04 Thread Florian Bender
On Monday, 3 February 2014 22:50:38 UTC+1, Chris Newman wrote: As a non-Firefox/non-HTTP consumer of NSS, I'd like to see an NSS API flag indicating a cipher suite is retained for backwards compatibility but considered inferior by cryptographic community standards at the time the NSS

Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-02-03 Thread florian . bender
Hi folks, there is consensus that some algorithms/ciphers (e.g. RC4) allowed by default should not be considered secure, though because of interop issues, they cannot be removed at this point. The problem with this is that people may think they are using a secure connection while in fact,

Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-02-03 Thread Chris Newman
As a non-Firefox/non-HTTP consumer of NSS, I'd like to see an NSS API flag indicating a cipher suite is retained for backwards compatibility but considered inferior by cryptographic community standards at the time the NSS library was built. A. is unacceptable because it breaks copy/paste of

Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-28 Thread ripberger
On Monday, January 27, 2014 4:35:34 PM UTC-7, Brian Smith wrote: On Mon, Jan 27, 2014 at 10:49 AM, ripber...@aol.com wrote: On Monday, January 27, 2014 10:52:44 AM UTC-7, Brian Smith wrote: On Mon, Jan 27, 2014 at 9:26 AM, ripber...@aol.com wrote: Thanks much Brian and Alan for the

Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-27 Thread Kurt Roeckx
On 2014-01-27 02:43, ripber...@aol.com wrote: Hi, So I didn't get to the bottom of this thread because some of it is 'loading' I really recommend that you do read all the messages. All of this has been discussed in various threads both here and on other lists. Encryption: AES-256

Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-27 Thread ripberger
On Monday, January 27, 2014 6:19:42 AM UTC-7, Kurt Roeckx wrote: I really recommend that you do read all the messages. All of this has been discussed in various threads both here and on other lists. Ok - I will try (but it will be after this post). Other recommendations don't not

Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-27 Thread Brian Smith
On Mon, Jan 27, 2014 at 9:26 AM, ripber...@aol.com wrote: On Monday, January 27, 2014 6:19:42 AM UTC-7, Kurt Roeckx wrote: 2) NIST is a US government standards board that drives a lot of compliance regulation. There are companies that will want to be able to show that they are NIST

Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-27 Thread Kurt Roeckx
On Mon, Jan 27, 2014 at 09:26:20AM -0800, ripber...@aol.com wrote: 2) NIST is a US government standards board that drives a lot of compliance regulation. There are companies that will want to be able to show that they are NIST compliant. I'm sure it is important to some. But I

Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-27 Thread ripberger
On Monday, January 27, 2014 10:52:44 AM UTC-7, Brian Smith wrote: On Mon, Jan 27, 2014 at 9:26 AM, ripber...@aol.com wrote: On Monday, January 27, 2014 6:19:42 AM UTC-7, Kurt Roeckx wrote: 2) NIST is a US government standards board that drives a lot of compliance regulation.

Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-27 Thread Alan Braggins
On 27/01/14 17:26, ripber...@aol.com wrote: 2) NIST is a US government standards board that drives a lot of compliance regulation. There are companies that will want to be able to show that they are NIST compliant. The standard at this point does NOT allow you to use Camellia.

Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-27 Thread Brian Smith
On Mon, Jan 27, 2014 at 10:49 AM, ripber...@aol.com wrote: On Monday, January 27, 2014 10:52:44 AM UTC-7, Brian Smith wrote: On Mon, Jan 27, 2014 at 9:26 AM, ripber...@aol.com wrote: I can't speak for FF - and I've certainly read enough standards to say that there are too many standards. I

Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-26 Thread ripberger
Hi, So I didn't get to the bottom of this thread because some of it is 'loading' but I didn't see any mention of NIST 800-131a in all the posts I saw. This standard (along with NIST 800-57 Part 1) provides information about security strength and what is required. Basically NIST is saying you

Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-26 Thread ripberger
On Sunday, January 26, 2014 6:25:58 PM UTC-7, ripb...@aol.com wrote: Hi, So I didn't get to the bottom of this thread because some of it is 'loading' but I didn't see any mention of NIST 800-131a in all the posts I saw. This standard (along with NIST 800-57 Part 1) provides

Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-26 Thread ripberger
Hi, So I didn't get to the bottom of this thread because some of it is 'loading' but I didn't see any mention of NIST 800-131a in all the posts I saw. This standard (along with NIST 800-57 Part 1) provides information about security strength and what is required. Basically NIST is saying you

Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-11 Thread hsivonen
On Friday, January 3, 2014 6:24:23 PM UTC+2, Julien Vehent wrote: According to http://www.modern.ie/ie6countdown: * 22.2% of China uses IE6 * 4.9% of users worldwide use IE6 I believe that our jobs, as security professionals, is to provide the best security to everyone. Not only to

Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-10 Thread Julien Vehent
On Thu, Jan 09, 2014 at 12:59:40PM -0500, Julien Vehent wrote: I started a scan of Alexa's top 1 million websites. It's going to take a few days to have all the results. So far, 21 out of 1396 websites scanned support neither AES nor 3DES. I'm about half way through the scan, but it's unlikely

Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-10 Thread Kurt Roeckx
On Fri, Jan 10, 2014 at 08:11:02PM -0500, Julien Vehent wrote: On Thu, Jan 09, 2014 at 12:59:40PM -0500, Julien Vehent wrote: I started a scan of Alexa's top 1 million websites. It's going to take a few days to have all the results. So far, 21 out of 1396 websites scanned support neither AES

Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-09 Thread Kurt Roeckx
On 2013-12-15 02:41, Brian Smith wrote: On Sat, Dec 14, 2013 at 4:47 PM, Kosuke Kaizuka cai.0...@gmail.com wrote: little supported, never negotiated cipher One of the largest websites which support Camellia is Yahoo!. Firefox 26 or lower use TLS_RSA_WITH_CAMELLIA_256_CBC_SHA with Yahoo!.

Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-09 Thread Julien Vehent
On 2014-01-09 06:41, Kurt Roeckx wrote: I'm considering if we should also drop support for RC4 on the client side. At least IE11 on windows 8.1 doesn't do RC4, but does do 3DES. I started a scan of Alexa's top 1 million websites. It's going to take a few days to have all the results. So far,

Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-09 Thread Kurt Roeckx
On Thu, Jan 09, 2014 at 12:59:40PM -0500, Julien Vehent wrote: On 2014-01-09 06:41, Kurt Roeckx wrote: I'm considering if we should also drop support for RC4 on the client side. At least IE11 on windows 8.1 doesn't do RC4, but does do 3DES. I started a scan of Alexa's top 1 million

Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-08 Thread L. Aaron Kaplan
On Jan 5, 2014, at 4:27 PM, Kurt Roeckx k...@roeckx.be wrote: On Fri, Jan 03, 2014 at 12:19:10AM +0100, Aaron Zauner wrote: 3DES isn't broken. Triple DES provides about 112bit security (We've a section on the topic in the Paper in the Keylengths section). All ciphers that we recommend are

Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-06 Thread Adi Kriegisch
Hi! Sorry for being rather late in my reply; most of your questions/remarks are already answered. The guide is not backward compatible with all clients. We, at Mozilla, must maintain backward compatibility with even the oldest, most broken, clients on the internet, and this shapes our

Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-06 Thread Aaron Zauner
On 03 Jan 2014, at 00:19, Aaron Zauner a...@azet.org wrote: After BREAK there was this huge outcry by “security professionals” to switch to RC4, I still think that was a dumb idea. Sorry. BREACH of course. Aaron

Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-06 Thread Aaron Zauner
ARGH! Third time’s a charm: BEAST. BREACH is CRIME related and has nothing to do with that. Aaron

Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-06 Thread Aaron Zauner
Hi Kurt, On 02 Jan 2014, at 21:51, Kurt Roeckx k...@roeckx.be wrote: On Thu, Jan 02, 2014 at 09:33:24PM +0100, Aaron Zauner wrote: I *think* they want to prefer CAMELLIA to AES, judging by the published ciphersuite. But the construction must be wrong because it returns AES first. If the

Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-06 Thread Alexander Wuerstlein
On 14-01-05 16:56, Aaron Zauner a...@azet.org wrote: On Sun, Jan 5, 2014 at 4:27 PM, Kurt Roeckx k...@roeckx.be wrote: On Fri, Jan 03, 2014 at 12:19:10AM +0100, Aaron Zauner wrote: 3DES isn't broken. Triple DES provides about 112bit security (We've a section on the topic in the

Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-06 Thread Aaron Zauner
Hi Julien, I took the liberty to answer a few of your questions (in CC to dev-tech-crypto and ach). Others might want to add something as well: On 02 Jan 2014, at 18:09, Julien Vehent jul...@linuxwall.info wrote: Overall, I think this guide is great! The configuration examples are very

Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-06 Thread Aaron Zauner
Hi Kurt, That is true, the issue being that some software and hardware platforms do not support RSA keys above 2048bit as of now. I mean - I do not really have an issue with discussing to put 3DES in there. We were a bit time restricted to do our research (i.e. we limited ourselves to certain

Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-05 Thread Kurt Roeckx
On Fri, Jan 03, 2014 at 12:19:10AM +0100, Aaron Zauner wrote: 3DES isn't broken. Triple DES provides about 112bit security (We've a section on the topic in the Paper in the Keylengths section). All ciphers that we recommend are at least at 128bit security. The document doesn't seem to say

Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-05 Thread ianG
On 5/01/14 18:27 PM, Kurt Roeckx wrote: On Fri, Jan 03, 2014 at 12:19:10AM +0100, Aaron Zauner wrote: 3DES isn't broken. Triple DES provides about 112bit security (We've a section on the topic in the Paper in the Keylengths section). All ciphers that we recommend are at least at 128bit

Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-05 Thread cloos
Julien Vehent jul...@linuxwall.info writes: I would argue that our documents target server configurations, where AES-NI is now a standard. It is not. Many sites run on virtuals, often using kvm. And most kvm sites provide a QEMU Virtual CPU which only supports sse2. And even without kvm,

Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-04 Thread ianG
Hi Julien, On 4/01/14 00:04 AM, Julien Vehent wrote: On 2014-01-03 12:58, ianG wrote: Right, Windows XP. Which is end of life. Microsoft killing support for a product isn't the same thing as people throwing away their computers. Or, are you implying that because microsoft is ending the

Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-04 Thread ianG
On 2/01/14 20:09 PM, Julien Vehent wrote: I wish there was references to these discussions. The problem with any references to rationale is that it often goes into arguable and unending discussions. There's a certain value in being quite curt about the recommendation, and readers can take

Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-03 Thread Julien Vehent
On 2014-01-02 18:59, ianG wrote: On 3/01/14 01:06 AM, Julien Vehent wrote: 3DES isn't broken. No, but it is end of life. 112bit security for the 2key variant, and an 8 byte block makes it just old. If you've got AES there, use it. Who hasn't got it? See

Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-03 Thread ianG
On 3/01/14 19:24 PM, Julien Vehent wrote: On 2014-01-02 18:59, ianG wrote: On 3/01/14 01:06 AM, Julien Vehent wrote: 3DES isn't broken. No, but it is end of life. 112bit security for the 2key variant, and an 8 byte block makes it just old. If you've got AES there, use it. Who hasn't got

Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-03 Thread Julien Vehent
On 2014-01-03 12:58, ianG wrote: On 3/01/14 19:24 PM, Julien Vehent wrote: On 2014-01-02 18:59, ianG wrote: On 3/01/14 01:06 AM, Julien Vehent wrote: 3DES isn't broken. No, but it is end of life. 112bit security for the 2key variant, and an 8 byte block makes it just old. If you've got

Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-03 Thread Falcon Darkstar Momot
On 1/3/2014 2:04 PM, Julien Vehent wrote: On 2014-01-03 12:58, ianG wrote: On 3/01/14 19:24 PM, Julien Vehent wrote: On 2014-01-02 18:59, ianG wrote: On 3/01/14 01:06 AM, Julien Vehent wrote: 3DES isn't broken. No, but it is end of life. 112bit security for the 2key variant, and an 8

Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-03 Thread Julien Vehent
On 2014-01-03 16:09, Falcon Darkstar Momot wrote: If I may weigh in, one could certainly argue that there isn't any benefit in allowing these people to believe that their HTTPS connections are actually secure when they're using ciphers that we know to be broken (how much we know them to be

Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-02 Thread Julien Vehent
On 2013-12-29 18:30, Kurt Roeckx wrote: On Sun, Dec 15, 2013 at 11:22:32AM -0500, Julien Vehent wrote: For the same reason, the server ciphersuite that we recommend at https://wiki.mozilla.org/Security/Server_Side_TLS does not drop Camellia, but lists it at the bottom of the ciphersuite. It's a

Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-02 Thread Kurt Roeckx
On Thu, Jan 02, 2014 at 09:33:24PM +0100, Aaron Zauner wrote: I *think* they want to prefer CAMELLIA to AES, judging by the published ciphersuite. But the construction must be wrong because it returns AES first. If the intent is to prefer Camellia, then I am most interested in the

Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-02 Thread Kurt Roeckx
On Thu, Jan 02, 2014 at 10:10:49PM +0100, Aaron Zauner wrote: What's the take on the ChaCha20/Poly1305 proposal by the Mozilla Sec. Team by the way? Not being part of the mozilla team myself, I at least have the impression that they want it. You might want to look at this old version:

Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-02 Thread Julien Vehent
Hi Aaron, On 2014-01-02 16:10, Aaron Zauner wrote: Hi Kurt, On 02 Jan 2014, at 21:51, Kurt Roeckx k...@roeckx.be wrote: On Thu, Jan 02, 2014 at 09:33:24PM +0100, Aaron Zauner wrote: I *think* they want to prefer CAMELLIA to AES, judging by the published ciphersuite. But the construction

Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-02 Thread Julien Vehent
Hi Aaron, Two things I'd like to mention before I reply: 1. I think it's great to have two guides with divergent points of view. I'm mostly interested in discussing design choices, because these discussions are useful. I'm not interested in convincing the ACH group that one

Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-02 Thread Ryan Sleevi
On Thu, January 2, 2014 1:25 pm, Julien Vehent wrote: Hi Aaron, On 2014-01-02 16:10, Aaron Zauner wrote: Hi Kurt, On 02 Jan 2014, at 21:51, Kurt Roeckx k...@roeckx.be wrote: On Thu, Jan 02, 2014 at 09:33:24PM +0100, Aaron Zauner wrote: I *think* they want to prefer CAMELLIA to

Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-02 Thread Julien Vehent
On 2014-01-02 17:12, Ryan Sleevi wrote: On Thu, January 2, 2014 1:25 pm, Julien Vehent wrote: Hi Aaron, On 2014-01-02 16:10, Aaron Zauner wrote: Hi Kurt, On 02 Jan 2014, at 21:51, Kurt Roeckx k...@roeckx.be wrote: On Thu, Jan 02, 2014 at 09:33:24PM +0100, Aaron Zauner wrote: I *think*

Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-02 Thread Julien Vehent
On 2014-01-02 17:12, Ryan Sleevi wrote: On Thu, January 2, 2014 1:25 pm, Julien Vehent wrote: Hi Aaron, On 2014-01-02 16:10, Aaron Zauner wrote: Hi Kurt, On 02 Jan 2014, at 21:51, Kurt Roeckx k...@roeckx.be wrote: On Thu, Jan 02, 2014 at 09:33:24PM +0100, Aaron Zauner wrote: I *think*

Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-02 Thread Kurt Roeckx
On Thu, Jan 02, 2014 at 02:12:47PM -0800, Ryan Sleevi wrote: What's the take on the ChaCha20/Poly1305 proposal by the Mozilla Sec. Team by the way? There are 5 security teams at Mozilla, so Mozilla Sec Team is a very large group. I think we all want a new stream cipher in TLS to

Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-02 Thread ianG
On 3/01/14 01:06 AM, Julien Vehent wrote: 3DES isn't broken. No, but it is end of life. 112bit security for the 2key variant, and an 8 byte block makes it just old. If you've got AES there, use it. Who hasn't got it? RC4 is broken, but I am yet to see a practical attack that

Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2013-12-29 Thread Kurt Roeckx
On Sun, Dec 15, 2013 at 11:22:32AM -0500, Julien Vehent wrote: For the same reason, the server ciphersuite that we recommend at https://wiki.mozilla.org/Security/Server_Side_TLS does not drop Camellia, but lists it at the bottom of the ciphersuite. It's a safe choice, but not one that we

Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2013-12-15 Thread Kurt Roeckx
On Sat, Dec 14, 2013 at 05:41:55PM -0800, Brian Smith wrote: Fx26 Fx27 Change Cipher Suite 0.00% 14.15% +14.15% TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (new) 0.00% 8.30% +8.30% TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (new) Are you sure you didn't switch those 2? At least your

Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2013-12-15 Thread Julien Vehent
On 2013-12-14 19:47, Kosuke Kaizuka wrote: Camellia is widely reviewed and chosen as a recommended cipher by several independent committees. If CAMELLIA_CBC is dropped by security reason, AES_CBC should be also dropped. There is another reason to drop CAMELLIA: AES with AES-NI is 8 times

Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2013-12-15 Thread Julien Vehent
On 2013-12-15 11:13, Kurt Roeckx wrote: On Sun, Dec 15, 2013 at 10:46:04AM -0500, Julien Vehent wrote: On 2013-12-14 19:47, Kosuke Kaizuka wrote: Camellia is widely reviewed and chosen as a recommended cipher by several independent committees. If CAMELLIA_CBC is dropped by security reason,

Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2013-12-15 Thread Kurt Roeckx
On Sun, Dec 15, 2013 at 11:22:32AM -0500, Julien Vehent wrote: On 2013-12-15 11:13, Kurt Roeckx wrote: On Sun, Dec 15, 2013 at 10:46:04AM -0500, Julien Vehent wrote: On 2013-12-14 19:47, Kosuke Kaizuka wrote: Camellia is widely reviewed and chosen as a recommended cipher by several

Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2013-12-15 Thread Brian Smith
On Sun, Dec 15, 2013 at 8:46 AM, Kurt Roeckx k...@roeckx.be wrote: But some people are also considering disabling it by default, as I think all others were talking in this thread, not just reduce the preference. For the same reason, the server ciphersuite that we recommend at

Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2013-12-13 Thread marlene . pratt
I present a proposal to remove some vulnerable/deprecated/legacy TLS ciphersuits from Firefox. I am not proposing addition of any new ciphersuits, changing of priority order, protocol removal, or any other changes in functionality. I have read these proposed IETF drafts and am using them as

Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2013-12-13 Thread Brian Smith
On Fri, Dec 13, 2013 at 10:48 PM, marlene.pr...@hushmail.com wrote: I present a proposal to remove some vulnerable/deprecated/legacy TLS ciphersuits from Firefox. I am not proposing addition of any new ciphersuits, changing of priority order, protocol removal, or any other changes in