On Sat, Nov 09, 2013 at 02:57:48PM -0800, Brian Smith wrote: > Last week, I also learned that ENISA, a European standards group, > recommends Camellia alongside AES as a future-proof symmetric cipher > algorithm; see [4].
They recommend: - *_AES_*_GCM_* - *_CAMELLIA_*_GCM_* - *_AES_*_CCM_* As I already mentioned a few time, I'm still missing some of the *_AES_*_GCM_* ciphers, specially the DHE ones. > I think we probably want to still disable Camellia > cipher suites by default in the long term anyway, but I did not > disable them in Firefox Nightly yet. In order for it to make sense to > continue offering Camellia cipher suites long term, we would need to > improve NSS's support for Camellia to add the ECDHE variants of the > Camellia cipher suites. Currently, I think the best course of action > is to let the current configuration ship, then disable Camellia > support, and eventually add ECDHE_*_WITH_CAMELLIA_* support to NSS, so > that it is ready in case some problem with AES is found. I don't understand the part where you want to disable it. Kurt -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
