[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

on TLS ciphersuites

To: or-dev@xxxxxxxx
Subject: on TLS ciphersuites
From: chris@xxxxxxxxxxxx
Date: Wed, 3 Jan 2007 14:48:03 -0500
Delivered-to: archiver@seul.org
Delivered-to: or-dev-outgoing@seul.org
Delivered-to: or-dev@seul.org
Delivery-date: Wed, 03 Jan 2007 14:48:11 -0500
Reply-to: or-dev@xxxxxxxxxxxxx
Sender: owner-or-dev@xxxxxxxxxxxxx
User-agent: Mutt/1.5.13 (2006-08-11)

I'm curious about need to specify 2 TLS ciphersuites in the spec...

All implementations MUST support
   the TLS ciphersuite "TLS_EDH_RSA_WITH_DES_192_CBC3_SHA", and SHOULD
   support "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" if it is available

Is the problem that we can't assume every TLS implentation is using strong
enough encryption?  It is a shame Tor must worry about these low level details
of TLS.

Why can't we just say everyone MUST use "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" and
be done with it?

(This isn't a fault of Tor but I'm bugged TLS allowed weak ciphersuites such
that Tor must demand they NOT be used.)

chris
--

_______________________________________

Christian Seberino, Ph.D.
5707 SANTA FE ST
SAN DIEGO, CA 92109-1622

Phone: (619) 573-4233
Email: chris@xxxxxxxxxxxx
_______________________________________

Follow-Ups:
- Re: on TLS ciphersuites
  - From: Nick Mathewson

Prev by Author: one more please...:)
Next by Author: Re: one more please...:)
Previous by thread: Re: one more please...:)
Next by thread: Re: on TLS ciphersuites
Index(es):
- Author
- Thread