Re: Proposal to Change the Default TLS Ciphersuites Offered by Browsers

2013-08-16 Thread Wan-Teh Chang
On Fri, Aug 16, 2013 at 3:36 PM, Rob Stradling wrote: > > Wan-Teh, why do you think Firefox should specify a preference for ECDSA over > RSA? Because ECDSA is more secure than RSA, and ECC implementations will become faster over time. The ordering of RSA and ECDSA is really a "symbolic gesture"

Re: Proposal to Change the Default TLS Ciphersuites Offered by Browsers

2013-08-16 Thread Rob Stradling
On 16/08/13 23:05, Wan-Teh Chang wrote: 8. Authentication: RSA before ECDSA a. RSA before ECDSA : performance b. DSA last: not in use ... I would prefer ECDSA over RSA for authentication. Wan-Teh, why do you think Firefox should specify a preference for ECDSA over RSA? If a we

Re: Proposal to Change the Default TLS Ciphersuites Offered by Browsers

2013-08-16 Thread Rob Stradling
On 16/08/13 16:18, Ryan Sleevi wrote: On Fri, August 16, 2013 6:36 am, Rob Stradling wrote: On 15/08/13 18:15, Chris Richardson wrote: I believe this plan would have poor side effects. For example, if Apple ships clients with a broken ECDSA implementation [0], a server cannot detect i

Re: Proposal to Change the Default TLS Ciphersuites Offered by Browsers

2013-08-16 Thread Wan-Teh Chang
On Fri, Aug 16, 2013 at 11:13 AM, Camilo Viecco wrote: > Hello Brian > > I think this proposal has 3 sections. > 1. Unifying SSL behavior on browsers. > 2. Altering the criteria for cipher suite selection in Firefox (actually > NSS) > 3. removing certain cipher suites from the default Firefox ciphe

Re: Proposal to Change the Default TLS Ciphersuites Offered by Browsers

2013-08-16 Thread Camilo Viecco
On 8/16/13 11:13 AM, Camilo Viecco wrote: Hello Brian I think this proposal has 3 sections. 1. Unifying SSL behavior on browsers. 2. Altering the criteria for cipher suite selection in Firefox (actually NSS) 3. removing certain cipher suites from the default Firefox ciphersuite. On 1: I don't s

Re: Proposal to Change the Default TLS Ciphersuites Offered by Browsers

2013-08-16 Thread Camilo Viecco
Hello Brian I think this proposal has 3 sections. 1. Unifying SSL behavior on browsers. 2. Altering the criteria for cipher suite selection in Firefox (actually NSS) 3. removing certain cipher suites from the default Firefox ciphersuite. On 1: I don't see the point, but I am not against. On 2:

Re: Proposal to Change the Default TLS Ciphersuites Offered by Browsers

2013-08-16 Thread Ryan Sleevi
On Fri, August 16, 2013 6:36 am, Rob Stradling wrote: > On 15/08/13 18:15, Chris Richardson wrote: > > I believe this plan would have poor side effects. For example, if Apple > > ships clients with a broken ECDSA implementation [0], a server cannot > > detect if a connecting client is an A

Re: Proposal to Change the Default TLS Ciphersuites Offered by Browsers

2013-08-16 Thread Rob Stradling
On 15/08/13 18:15, Chris Richardson wrote: I believe this plan would have poor side effects. For example, if Apple ships clients with a broken ECDSA implementation [0], a server cannot detect if a connecting client is an Apple product and avoid the use of ECDSA in that subset of connectio