On Sun, Dec 15, 2013 at 8:46 AM, Kurt Roeckx wrote:
> But some people are also considering disabling it by default,
> as I think all others were talking in this thread, not just
> reduce the preference.
>
> > For the same reason, the server ciphersuite that we recommend at
> > https://wiki.mozill
On Sun, Dec 15, 2013 at 11:22:32AM -0500, Julien Vehent wrote:
> On 2013-12-15 11:13, Kurt Roeckx wrote:
> >On Sun, Dec 15, 2013 at 10:46:04AM -0500, Julien Vehent wrote:
> >>On 2013-12-14 19:47, Kosuke Kaizuka wrote:
> >>>Camellia is widely reviewed and chosen as a recommended cipher by
> >>>sever
On 2013-12-15 11:13, Kurt Roeckx wrote:
On Sun, Dec 15, 2013 at 10:46:04AM -0500, Julien Vehent wrote:
On 2013-12-14 19:47, Kosuke Kaizuka wrote:
>Camellia is widely reviewed and chosen as a recommended cipher by
>several independent committees.
>If CAMELLIA_CBC is dropped by security reason, AE
On Sun, Dec 15, 2013 at 10:46:04AM -0500, Julien Vehent wrote:
> On 2013-12-14 19:47, Kosuke Kaizuka wrote:
> >Camellia is widely reviewed and chosen as a recommended cipher by
> >several independent committees.
> >If CAMELLIA_CBC is dropped by security reason, AES_CBC should be also
> >dropped.
>
On 2013-12-14 19:47, Kosuke Kaizuka wrote:
Camellia is widely reviewed and chosen as a recommended cipher by
several independent committees.
If CAMELLIA_CBC is dropped by security reason, AES_CBC should be also
dropped.
There is another reason to drop CAMELLIA: AES with AES-NI is 8 times
faste
On Sat, Dec 14, 2013 at 06:28:54PM -0800, Brian Smith wrote:
> Kurt,
>
> Thanks for your suggestions.
>
> On Sat, Dec 14, 2013 at 12:46 PM, Kurt Roeckx wrote:
>
> > I think we need to come up with a plan to improve security in the
> > long run. I think what we would like to see in general is:
Thanks for the detailed answer.
> 1. my disk encryption keys
I'm on ecryptfs so this should be fine.
> 2. my OS user account passphrase
Luckily they are hashed on my Linux system.
> 3. my SSH keys
> 4. my GPG keys
As they are normally in the home directory they are protected by ecryptfs.
S
On Sat, Dec 14, 2013 at 06:28:54PM -0800, Brian Smith wrote:
>
> > - Only 2048 bit public, 128 bit symmetric, 256 bit elliptic, or
> > better.
> >
>
> Approximately 1.5% of Fx26 full handshakes that use RSA certs use keys
> smaller than 2048 bits. So, enforcing the 2048 bit limit is not going to
On Sat, Dec 14, 2013 at 05:41:55PM -0800, Brian Smith wrote:
> Fx26    Fx27    Change   Cipher Suite
> 0.00%   14.15%  +14.15%  TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (new)
> 0.00%   8.30%   +8.30%   TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (new)
Are you sure you didn't switch those 2? At least you
Camellia is the only possible alternative cipher to AES in TLS.
AES, Camellia: 128-bit or 256-bit key-size
3DES: 112-bit key-size
SEED: 128-bit key-size, almost no usage outside South Korea (disabled by
default in Firefox 27+)
> little supported, never negotiated cipher
One of the largest website