While it is lovely to encrypt all the things with the strongest encryption available, I really don't think it is necessary to remove support for everything that is weak. This tends to make people refuse to upgrade, particularly if they are legacy system people. Strong security I think is best handled by negotiation.
What would be valuable is some function which returns the relative security and assurance level of the negotiated suite. This might have 3 levels: anonymous ciphers or weak encryption, minimally reasonable encryption (1024 bit rsa; aes-128; etc), and strong encryption (authenticated ciphers; 4096-bit rsa, aes-256; ecc, PFS... roughly). User agents could then use this to drive a UI element, to display the security level with colours or iconography that non-crypto people will understand and be appropriately cautioned (or assured) by. The library could raise the bar over time as the release cycle continues. This is a similar concept to EV, which has caught on and is widely recognized, even if not widely understood.

Anyway, that's my abstract and dreamy idea for encouraging better crypto. The users are key, and making their stuff stop working shouldn't be the next step, even if you do allow 5 years.

-------- Original message --------
From: Kurt Roeckx <k...@roeckx.be>
Date: 12/14/2013 12:46 (GMT-08:00)
To: dev-tech-crypto@lists.mozilla.org
Subject: Longterm crypto support

Hi,

I think we need to come up with a plan to improve security in the long run. I think what we would like to see in general is:

- Only SHA256 or better (and so TLS 1.2)
- Only 2048 bit public, 128 bit symmetric, 256 bit elliptic, or better.
- Drop support for RC4 and DES (leaving AES, camellia, possibly seed), maybe adding others.
- Only PFS
- Only authenticated encryption (GCM, CCM, ...)

I think we should come up with a timeline across browsers of when we want to enforce what, and give people enough time to adopt. And I want to suggest 2 or 3 years for all of the above, but maybe 5 years is more realistic?

Kurt

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
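
The three-level function proposed in the reply above, with a policy object that a later release can tighten, as an added example that is not part of the original thread or of NSS. The names `Negotiated`, `Policy` and `security_level` are hypothetical; the RSA and AES thresholds follow the reply's examples, while the EC sizes and the choice to require every "strong" property at once are assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):
    WEAK = 0     # anonymous ciphers or weak encryption
    MINIMAL = 1  # minimally reasonable encryption
    STRONG = 2   # strong encryption

@dataclass(frozen=True)
class Negotiated:
    """Outcome of a handshake (hypothetical structure, not an NSS type)."""
    kx: str         # key exchange: "RSA", "DHE", "ECDHE"
    auth: str       # server authentication: "RSA", "ECDSA", "anon"
    auth_bits: int  # server key size in bits (0 for anon)
    cipher: str     # "AES", "CAMELLIA", "RC4", "DES", "NULL"
    sym_bits: int   # symmetric key size in bits
    aead: bool      # authenticated mode such as GCM or CCM

@dataclass(frozen=True)
class Policy:
    """Thresholds shipped with a release; a later release raises them."""
    weak_ciphers: frozenset = frozenset({"NULL", "RC4", "DES"})
    min_sym: int = 128
    strong_sym: int = 256
    min_rsa: int = 1024
    strong_rsa: int = 4096
    min_ec: int = 192     # assumed; the post gives no EC sizes
    strong_ec: int = 256  # assumed

def _key_ok(n, rsa_bits, ec_bits):
    return n.auth_bits >= (ec_bits if n.auth == "ECDSA" else rsa_bits)

def security_level(n: Negotiated, p: Policy = Policy()) -> Level:
    # Anything anonymous, broken or below the floor is WEAK.
    if n.auth == "anon" or n.cipher in p.weak_ciphers:
        return Level.WEAK
    if n.sym_bits < p.min_sym or not _key_ok(n, p.min_rsa, p.min_ec):
        return Level.WEAK
    # STRONG needs every property at once (assumption: AND, not OR).
    pfs = n.kx in ("DHE", "ECDHE")
    if (pfs and n.aead and n.sym_bits >= p.strong_sym
            and _key_ok(n, p.strong_rsa, p.strong_ec)):
        return Level.STRONG
    return Level.MINIMAL

# Constructed sample handshakes.
MODERN = Negotiated("ECDHE", "RSA", 4096, "AES", 256, True)
LEGACY = Negotiated("RSA", "RSA", 1024, "AES", 128, False)
RAISED = Policy(min_rsa=2048)  # a later release raising the bar
```

Under the default policy `LEGACY` still connects and is reported as `MINIMAL`; under `RAISED` the same handshake is reported as `WEAK`, which is the signal a user agent would map to its indicator without refusing the connection.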