[Ach] Adding more cipher suites

Aaron Zauner azet at azet.org
Thu Nov 14 01:41:58 CET 2013


Hi,

It is my opinion that we should also add AES-128 and AES-192 based cipher suites as well as SHA256 for all of these (SHA256 is perfectly fine as far as i can tell). This sould also result in better browser support and support for java. AES-128 and AES-192 as well as SHA256 can be considered in the “strong” category in my opinion. This also doesn’t limit administrators as much. I just reviewed the paper a bit and noticed that we’re far too conservative with the amount of suites we recommend.  (See: Table 1, Table 2 in the DRAFT)

There already has been discussion about adding AES128, but nobody acutally did. We should also speak about including SHA512 with some recommendations and configurations.

I’d like to hear your opinions on the matter.

Thanks,
Aaron
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1091 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20131114/68b54543/attachment.sig>


More information about the Ach mailing list