On 19/08/13 19:06, Kurt Roeckx wrote:
> I understand that GCM is faster, but the implementations might have side channel attacks. So I'm not sure if GCM or CBC is better, but we should probably prefer GCM or CBC.
GCM (while recognizing that it isn't widely supported yet). (At least unless http://tools.ietf.org/html/draft-gutmann-tls-encrypt-then-mac-00 gets anywhere - the current choice isn't so much "GCM or CBC" as "GCM or MAC-then-encrypt-CBC". Personally I don't see very much point in Peter's proposal - supporting the new extension won't be that much less work than GCM, and GCM suites are already standardized.)