On 03 Jan 2014, at 00:19, Aaron Zauner wrote:
> After BREAK there was this huge outcry by “security professionals” to switch
> to RC4, I still think that was a dumb idea.
Sorry. BREACH of course.
Aaron
signature.asc
Description: Message signed with OpenPGP using GPGMail
--
dev-tech-
Hi Julien,
On 02 Jan 2014, at 23:06, Julien Vehent wrote:
>
> 2. My experience as a web hosting engineer, and sysadmin, has convinced me
> that
> building security recommendations on what academia thinks alone is very
> dangerous.
> Security doesn't live in a bubble. It depends on people
ARGH! Third time’s a charm: BEAST.
BREACH is CRIME related and has nothing to do with that.
Aaron
signature.asc
Description: Message signed with OpenPGP using GPGMail
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
Hi Kurt,
On 02 Jan 2014, at 21:51, Kurt Roeckx wrote:
> On Thu, Jan 02, 2014 at 09:33:24PM +0100, Aaron Zauner wrote:
>>> I *think* they want to prefer CAMELLIA to AES, judging by the published
>>> ciphersuite.
>>> But the construction must be wrong becaus
Hi Julien,
I took the liberty to answer a few of your questions (in CC to dev-tech-crypto
and ach). Others might want to add something as well:
On 02 Jan 2014, at 18:09, Julien Vehent wrote:
> Overall, I think this guide is great! The configuration examples are very
> useful.
> It's also good
ciphers) and since this is still in draft stage we're
able to change things like that.
Input from anyone else on the list?
Thanks,
Aaron
On Sun, Jan 5, 2014 at 4:27 PM, Kurt Roeckx wrote:
> On Fri, Jan 03, 2014 at 12:19:10AM +0100, Aaron Zauner wrote:
> >
> > > 3DES isn
6 matches
Mail list logo