On Sat, Dec 14, 2013 at 01:12:23PM -0800, falcon wrote:
> While it is lovely to encrypt all the things with the strongest encryption 
> available, I really don't think it is necessary to remove support for 
> everything that is weak.  This tends to make people refuse to upgrade, 
> particularly if they are legacy system people.  Strong security I think is 
> best handled by negotiation.
> 
> What would be valuable is some function which returns the relative security 
> and assurance level of the negotiated suite.  This might have 3 levels: 
> anonymous ciphers or weak encryption, minimally reasonable encryption (1024 
> bit rsa; aes-128; etc), and strong encryption (authenticated ciphers; 
> 4096-bit rsa, aes-256; ecc, PFS... roughly).  User agents could then use this 
> to drive a UI element, to display the security level with colours or 
> iconography that non-crypto people will understand and be appropriately 
> cautioned (or assured) by.  The library could raise the bar over time as the 
> release cycle continues.
> 
> This is a similar concept to EV, which has caught on and is widely 
> recognized, even if not widely understood.
> 
> Anyway, that's my abstract and dreamy idea for encouraging better crypto.  
> The users are key, and making their stuff stop working shouldn't be the next 
> step, even if you do allow 5 years.

I'm not sure how widely EV is recognized.  I'm pretty sure that
almost nobody can tell the difference between blue and green,
which now seems to be hidden until you click, or that there
is this green name of the site in front of the URL
on some https sites and not on others.

I do not believe that we can educate users, and so should do
what is possible to protect them by default.

We currently do not support 40 bit ciphers or SSL v2 anymore,
but you seem to suggest that we should.  I believe there is
a point in time that we should be able to say that we do not
support them anymore.

So maybe we should disable everything that is not considered
secure by default but let the user enable some of them that
we still consider reasonable (like RC4-SHA1).  This could
for instance be something like if you connect to the intranet
it should be allowed.  But I really see no excuse for that
over internet.

I see no point in doing weak encryption, you might as well
not encrypt it.


Kurt

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
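The two ideas in this exchange, a function that rates the negotiated suite on a three-level scale and a default-deny policy that only lets a user re-enable legacy suites for intranet peers, can be sketched in a few lines. The following is an added example, not code from the thread or from NSS/OpenSSL; the suite names follow OpenSSL's naming convention and the tier thresholds (RC4, DES/3DES, MD5, export and anonymous suites weak; forward secrecy plus an AEAD cipher plus a 4096-bit RSA or non-RSA key strong; everything else reasonable) are this example's own assumptions, chosen to line up roughly with the three levels described above. The intranet ranges, the re-enabled suite list and the sample negotiations are constructed for the demo.

```python
"""Three-tier rating of a negotiated TLS cipher suite plus a default-deny
policy that lets a user re-enable legacy suites for intranet peers only.

Added example, not NSS or OpenSSL code from the thread. Suite names follow
OpenSSL's convention (e.g. "ECDHE-RSA-AES128-GCM-SHA256") and the tier
thresholds below are this example's own assumptions.
"""
import ipaddress

WEAK, REASONABLE, STRONG = 0, 1, 2
LEVEL_NAMES = {WEAK: "weak", REASONABLE: "reasonable", STRONG: "strong"}

# Tokens that disqualify a suite outright: no encryption, export grades,
# broken or short ciphers, and MD5 MACs. "DES" covers single DES and 3DES
# ("DES-CBC3-SHA"); both are treated as weak here by assumption.
_WEAK_TOKENS = {"NULL", "EXP", "EXP1024", "RC4", "DES", "DES40", "MD5"}
# Anonymous key exchange: no server authentication at all.
_ANON_PREFIXES = ("ADH", "AECDH")
# Forward-secret key exchange prefixes and AEAD cipher/MAC tokens.
_PFS_PREFIXES = ("ECDHE", "DHE", "EDH")
_AEAD_TOKENS = {"GCM", "CCM", "CCM8", "POLY1305"}


def rate_suite(name, rsa_bits=None):
    """Return WEAK, REASONABLE or STRONG for one OpenSSL-style suite name.

    rsa_bits is the modulus size of the peer's RSA certificate key when the
    certificate is RSA; None means a non-RSA key (e.g. ECDSA). The caller is
    assumed to take it from the already-verified certificate.
    """
    parts = name.upper().split("-")
    tokens = set(parts)
    if parts[0] in _ANON_PREFIXES or "ANON" in tokens:
        return WEAK
    if tokens & _WEAK_TOKENS:
        return WEAK
    if rsa_bits is not None and rsa_bits < 1024:
        return WEAK
    forward_secret = parts[0] in _PFS_PREFIXES
    aead = bool(tokens & _AEAD_TOKENS)
    big_key = rsa_bits is None or rsa_bits >= 4096
    if forward_secret and aead and big_key:
        return STRONG
    return REASONABLE


def policy_allows(name, peer_ip, rsa_bits=None, intranet_nets=(), user_enabled=()):
    """Default-deny: a weak suite is refused unless the user explicitly enabled
    that exact suite AND the peer sits inside a configured intranet range.
    Reasonable and strong suites are always allowed."""
    if rate_suite(name, rsa_bits) != WEAK:
        return True
    if name.upper() not in {s.upper() for s in user_enabled}:
        return False
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in ipaddress.ip_network(net) for net in intranet_nets)


if __name__ == "__main__":
    # Constructed sample of negotiations: (suite, peer address, RSA key bits).
    samples = [
        ("EXP-RC4-MD5", "203.0.113.5", 512),
        ("ADH-AES128-SHA", "203.0.113.5", None),
        ("RC4-SHA", "10.1.2.3", 2048),
        ("RC4-SHA", "203.0.113.5", 2048),
        ("AES128-SHA", "203.0.113.5", 1024),
        ("ECDHE-RSA-AES128-GCM-SHA256", "203.0.113.5", 2048),
        ("ECDHE-RSA-AES256-GCM-SHA384", "203.0.113.5", 4096),
        ("ECDHE-ECDSA-CHACHA20-POLY1305", "203.0.113.5", None),
    ]
    intranet = ("10.0.0.0/8", "192.168.0.0/16")  # assumed local ranges
    legacy = ("RC4-SHA",)  # what an admin chose to re-enable for the intranet
    for suite, ip, bits in samples:
        level = LEVEL_NAMES[rate_suite(suite, bits)]
        ok = policy_allows(suite, ip, bits, intranet, legacy)
        print(f"{suite:32} {ip:14} {level:10} {'allow' if ok else 'refuse'}")
```

The rating is what a user agent would feed into a colour or icon; the policy is the "disabled by default, enable per network" rule, and note that the same RC4-SHA negotiation is accepted from 10.1.2.3 but refused from a public address.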
