[Ach] News, summary of the last meeting and new website VM

Aaron Zauner azet at azet.org
Wed Dec 4 18:14:13 CET 2013


As for the cipherstring. We basically agreed to deploy this one for variant B throughout the paper:

openssl ciphers -V 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!DES:!ECDSA:AES256-SHA:CAMELLIA256-SHA:AES128-SHA:CAMELLIA128-SHA'

I do not think it makes much sense to write configurations with our A cipherstring since this one is very easy to reproduce and configure by an admin, yet the client support will not be acceptable for widespread deployment. But my opinion might differ from yours. Take the FWD mail from Vincent Rijmen into consideration though ;)

Aaron

On 04 Dec 2013, at 18:08, christian mock <cm at coretec.at> wrote:

> On Wed, Dec 04, 2013 at 03:57:48PM +0100, L. Aaron Kaplan wrote:
> 
>> 1. we arrived at a new cipher string (which includes AES128, CAMELLIA128). This needs to be included in all subsections
> 
> I'm a bit confused -- what do we want to have in the "practical
> settings" subsections? 
> 
> One of the configurations, as e.g. in the OpenVPN subsection? (And
> which one? A or B?)
> 
> Both configurations, as e.g. in the IPSEC subsection?
> 
> And are the cipher suites/strings in section 9 now Officially
> Finalized(tm)? (Because with IPSEC and OpenVPN updating them is more
> work than straight cut&paste and I'm a lazy bastard).
> 
> cm.
> 
> -- 
> Christian Mock                          Wiedner Hauptstr. 15
> Senior Security Engineer                1040 Wien
> CoreTEC IT Security Solutions GmbH      +43-1-5037273
> FN 214709 z

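An added example, not part of the original message or of the project's own material: one way to check what the variant B string quoted above expands to on a given machine, and that none of the excluded primitives survive. It assumes Python's `ssl` module linked against the local OpenSSL, so the exact suite list varies by build; `FORBIDDEN`, `RSA_FALLBACKS` and the function names are this example's own.

```python
import ssl

# Variant B cipher string exactly as quoted in the message above.
CIPHER_STRING_B = (
    "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:"
    "EECDH+aRSA+SHA256:EECDH:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:"
    "!PSK:!SRP:!DSS:!RC4:!SEED:!DES:!ECDSA:"
    "AES256-SHA:CAMELLIA256-SHA:AES128-SHA:CAMELLIA128-SHA"
)

# The four suites named explicitly at the end of the string:
# RSA key transport, i.e. no forward secrecy (compatibility fallbacks).
RSA_FALLBACKS = {"AES256-SHA", "CAMELLIA256-SHA", "AES128-SHA", "CAMELLIA128-SHA"}

# Substrings of OpenSSL suite names that the "!" rules should rule out.
# "DES" also catches 3DES (named DES-CBC3-*); "ADH"/"AECDH" are aNULL suites.
FORBIDDEN = ("RC4", "DES", "MD5", "SEED", "PSK", "SRP", "DSS",
             "ECDSA", "NULL", "EXP", "ADH", "AECDH")


def expand(cipher_string):
    """Return the suite names the local OpenSSL selects, in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [c["name"] for c in ctx.get_ciphers()]


def has_forward_secrecy(name):
    # DHE-/ECDHE- are ephemeral key exchanges. TLS_ names are TLS 1.3 suites,
    # which OpenSSL configures separately from this string and which are
    # always ephemeral.
    return name.startswith(("DHE-", "ECDHE-", "TLS_"))


def audit(cipher_string):
    """Split the expanded list by key exchange and flag excluded primitives."""
    names = expand(cipher_string)
    return {
        "forward_secret": [n for n in names if has_forward_secrecy(n)],
        "rsa_fallback": [n for n in names if not has_forward_secrecy(n)],
        "violations": [n for n in names if any(t in n for t in FORBIDDEN)],
    }


if __name__ == "__main__":
    for key, suites in audit(CIPHER_STRING_B).items():
        print(f"{key} ({len(suites)}):")
        for suite in suites:
            print("   ", suite)
```

Any entry under `violations`, or an `rsa_fallback` entry outside the four named suites, means the local OpenSSL interprets the string differently from what the message intends.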