Kurt,
Thanks for your suggestions.
On Sat, Dec 14, 2013 at 12:46 PM, Kurt Roeckx wrote:
> I think we need to come up with a plan to improve security in the
> long run. I think what we would like to see in general is:
> - Only SHA256 or better (and so TLS 1.2)
>
This is gated almost purely on
On Sat, Dec 14, 2013 at 4:47 PM, Kosuke Kaizuka wrote:
> > little supported, never negotiated cipher
>
> One of the largest websites which support Camellia is Yahoo!.
> Firefox 26 or lower use TLS_RSA_WITH_CAMELLIA_256_CBC_SHA with Yahoo!.
>
In Firefox 27 or later, Yahoo! will choose TLS_RSA_WIT
Camellia is the only possible alternative cipher to AES in TLS.
> little supported, never negotiated cipher
One of the largest websites which support Camellia is Yahoo!.
Firefox 26 or lower use TLS_RSA_WITH_CAMELLIA_256_CBC_SHA with Yahoo!.
> not as well-tested & reviewed as AES ciphersuits
Cam
On Sat, Dec 14, 2013 at 3:51 PM, Kurt Roeckx wrote:
> On Sat, Dec 14, 2013 at 03:36:44PM -0800, Brian Smith wrote:
> >
> > Note that the cipher suites above were not agreed to in the previous
> > discussion and were not part of my proposal linked to above. They have
> been
> > enabled for a long
On Sat, Dec 14, 2013 at 03:36:44PM -0800, Brian Smith wrote:
>
> Note that the cipher suites above were not agreed to in the previous
> discussion and were not part of my proposal linked to above. They have been
> enabled for a long time, and I did not disable them in Firefox 27 because I
> wanted
On Sat, Dec 14, 2013 at 2:13 PM, falcon wrote:
> I believe startssl (even) will sign ecdsa certs if you send a csr for one,
> but this is of little utility without an ecdsa trust anchor.
>
> Original message
> From: cl...@jhcloos.com
>
> Brian Smith writes:
> > Cipher Suite
On Fri, Dec 13, 2013 at 10:48 PM, wrote:
> I present a proposal to remove some vulnerable/deprecated/legacy TLS
> ciphersuits from Firefox. I am not proposing addition of any new
> ciphersuits, changing of priority order, protocol removal, or any other
> changes in functionality.
>
> I have read
I believe startssl (even) will sign ecdsa certs if you send a csr for one, but
this is of little utility without an ecdsa trust anchor.
Original message
From: cl...@jhcloos.com
Date: 12/14/2013 13:34 (GMT-08:00)
To: mozilla-dev-tech-cry...@lists.mozilla.org
Subject: Re: Pro
Please correct me if you have stats, but I suspect it may take some time to
undo the work Qualys et. al. have done to encourage everyone to force RC4 (even
though they have retracted their advice since).
Original message
From: Kurt Roeckx
Date: 12/14/2013 13:52 (GMT-08:00)
On Sat, Dec 14, 2013 at 01:12:23PM -0800, falcon wrote:
> While it is lovely to encrypt all the things with the strongest encryption
> available, I really don't think it is necessary to remove support for
> everything that is weak. This tends to make people refuse to upgrade,
> particularly if
Brian Smith writes:
> Cipher Suite Count %
> --
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 332,786 8.30%
> TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 4,601 0.11%
Who issues ECDSA certs?
Is t
While it is lovely to encrypt all the things with the strongest encryption
available, I really don't think it is necessary to remove support for
everything that is weak. This tends to make people refuse to upgrade,
particularly if they are legacy system people. Strong security I think is best
Hi,
I think we need to come up with a plan to improve security in the
long run. I think what we would like to see in general is:
- Only SHA256 or better (and so TLS 1.2)
- Only 2048 bit public, 128 bit symmetric, 256 bit elliptic, or
better.
- Drop support for RC4 and DES (leaving AES, camellia
On Sat, Dec 14, 2013 at 06:48:01AM +, marlene.pr...@hushmail.com wrote:
> I present a proposal to remove some vulnerable/deprecated/legacy TLS
> ciphersuits from Firefox. I am not proposing addition of any new ciphersuits,
> changing of priority order, protocol removal, or any other changes i
On Fri, Dec 13, 2013 at 11:51 PM, Brian Smith wrote:
> I will comment on your proposal again later. However, I want to share with
> you some usage data from Firefox 28 Beta, that I think we will find helpful
> in understanding what servers do. These numbers represent the cipher suite
> chosen by
15 matches
Mail list logo
