Hi, I think we need to come up with a plan to improve security in the long run. I think what we would like to see in general is: - Only SHA256 or better (and so TLS 1.2) - Only 2048 bit public, 128 bit symmetric, 256 bit elliptic, or better. - Drop support for RC4 and DES (leaving AES, camellia, possibly seed), maybe adding others. - Only PFS - Only authenticated encryption (GCM, CCM, ...)
I think we should come up with a timeline across browsers of when we want to enforce what, and give people enough time to adopt. And I want to suggest 2 or 3 years for all of the above, but maybe 5 years is more realistic? Kurt -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
