NIST SP800-52 Rev.1 is also in draft, with community comment requested. http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-52-Rev.%201
I'd say they should require PFS, but it's another standards body's commentary. > To: [email protected] > From: [email protected] > Subject: Re: Dusting off lafs-rpg. > Date: Mon, 25 Nov 2013 16:16:10 -0800 > > Zooko O'Whielacronx wrote: > > > On Sun, Oct 13, 2013 at 9:09 PM, Callme Whatiwant <[email protected]> > > wrote: > >> > >> Thanks Patrick! Before I accepted this, I was hoping people with more > >> knowledge of recent TLS vulnerabilities and/or forward secrecy could take > >> a glance at the cipher list and comment on if it's still "Today's Best > >> TLS config". > > > > Here's Hynek Schlawack's ¹, which is partially based on mine ² and > > partially based on qualsys "ssllabs". > > > > Regards, > > > > Zooko > > > > ¹ http://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ > > > > ² > > https://github.com/LeastAuthority/leastauthority.com/issues/92#issuecomment-26292572 > > You may find it interesting that the IETF is creating a TLS > best-current-practices RFC: > > http://tools.ietf.org/html/draft-sheffer-tls-bcp-01 > > _______________________________________________ > tahoe-dev mailing list > [email protected] > https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
_______________________________________________ tahoe-dev mailing list [email protected] https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
