[Ach] Adding more cipher suites

David Durvaux david.durvaux at belnet.be
Thu Nov 14 09:45:07 CET 2013


Hello,

I fully agree with the fact that AES128 and AES192 should be added.

Firstly because none of them are currently broken or close to being broken.

Secondly because some programming languages are painful if you want to 
use AES with key length > 128 (Java).  Java is still widely used and I 
hope that some developers will read this document and enhance the way 
they use crypto :-D.

Kr,

David

On Thu, 14 Nov 2013 09:40:38 CET, Adi Kriegisch wrote:
> Hi!
>
>> It is my opinion that we should also add AES-128 and AES-192 based cipher suites as well as SHA256 for all of these (SHA256 is perfectly fine as far as I can tell). This should also result in better browser support and support for Java. AES-128 and AES-192 as well as SHA256 can be considered in the “strong” category in my opinion. This also doesn’t limit administrators as much. I just reviewed the paper a bit and noticed that we’re far too conservative with the amount of suites we recommend.  (See: Table 1, Table 2 in the DRAFT)
> Absolutely. There are two issues at the moment: The first, many of those
> ciphers and combinations aren't implemented in eg. OpenSSL and the second
> is that I did not find the time to review the iana listing[1] of all
> specified cipher suites and rebase our recommendations on those.
> Probably it is even time to add some notes about the upcoming TLSv1.3
> standard...
>
> What is there in section 7.2 is all open for review and rewrite: I'd like
> to have sections there discussing key exchange mechanisms, authentication,
> ciphers and hash functions. Then briefly show how to map the admins
> preference to the standards[1]. And last (here starts the ugly part)
> compare that to reality: check which cipher suites are supported by which
> server operating systems and by which clients.
> When this section is done, I guess, our recommendation might change...
>
>> There already has been discussion about adding AES128, but nobody actually did. We should also speak about including SHA512 with some recommendations and configurations.
> Yeah, the main motivation behind AES128 support was supporting Java7. The
> reason AES128 vanished from the proposal was that Java[67] only supports DH
> params up to 1024bit which we agreed wasn't enough. At the moment the
> suggestion is to use DH params >2048 (greater than the bitlength of the
> corresponding RSA key).
>
> What do you think?
>
> -- Adi
>
> [1] http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
>
>
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach



--
David Durvaux
Belnet CERT
PGP Key Id 0xE84A32A0
Louizalaan 231 Avenue Louise
Brussel 1050 Bruxelles
België Belgique
T: +32 790 33 33
www.belnet.be
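
The thread above argues about which suites belong in the recommendation (ephemeral key exchange, AES-128/192/256, SHA-256 or better, no anonymous suites) and about DH parameter sizes versus what clients such as Java 6/7 accept. The following script is an added example for this archive page, not code from the thread or from the Applied Crypto Hardening project: it parses output in the format of `openssl ciphers -v` into its Kx/Au/Enc/Mac fields, applies that policy, and checks a server's DH parameter size against an RSA key size and against a client's DH limit. The sample listing is constructed for the example, not captured from a real system; the DH rule is this example's reading of "DH params >2048 and not shorter than the RSA key"; and the 1024-bit client profile reflects the thread's statement about Java 6/7, assumed here rather than verified.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the format of `openssl ciphers -v` (not captured
# from a real system): name, protocol, Kx=, Au=, Enc=, Mac=
SAMPLE_CIPHERS_V = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-SHA256       TLSv1.2 Kx=DH   Au=RSA  Enc=AES(128)    Mac=SHA256
DHE-RSA-AES256-SHA          SSLv3   Kx=DH   Au=RSA  Enc=AES(256)    Mac=SHA1
AES128-SHA256               TLSv1.2 Kx=RSA  Au=RSA  Enc=AES(128)    Mac=SHA256
ECDHE-RSA-RC4-SHA           SSLv3   Kx=ECDH Au=RSA  Enc=RC4(128)    Mac=SHA1
ADH-AES128-SHA              SSLv3   Kx=DH   Au=None Enc=AES(128)    Mac=SHA1
"""

# One line of `openssl ciphers -v`; the Enc field carries the key size in
# parentheses, e.g. AESGCM(256).
LINE_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<proto>\S+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)\s+"
    r"Enc=(?P<enc>[A-Za-z0-9]+)\((?P<bits>\d+)\)\s+Mac=(?P<mac>\S+)\s*$"
)


@dataclass(frozen=True)
class Suite:
    name: str
    proto: str
    kx: str
    au: str
    enc: str
    enc_bits: int
    mac: str


def parse_ciphers_v(text: str) -> List[Suite]:
    """Parse `openssl ciphers -v` style output, skipping unrecognised lines."""
    suites = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        suites.append(Suite(d["name"], d["proto"], d["kx"], d["au"],
                            d["enc"], int(d["bits"]), d["mac"]))
    return suites


# Policy as discussed in the thread: ephemeral key exchange (OpenSSL lists
# DHE as Kx=DH and ECDHE as Kx=ECDH), no anonymous suites, AES-128/192/256
# in CBC or GCM mode, and SHA-256 or better (AEAD suites need no separate MAC).
EPHEMERAL_KX = {"ECDH", "DH"}
ALLOWED_ENC = {"AES", "AESGCM"}
ALLOWED_AES_BITS = {128, 192, 256}
ALLOWED_MAC = {"SHA256", "SHA384", "AEAD"}


def reject_reason(s: Suite) -> Optional[str]:
    """Return None if the suite passes the policy, otherwise why it fails."""
    if s.kx not in EPHEMERAL_KX:
        return "no forward secrecy (Kx=%s)" % s.kx
    if s.au == "None":
        return "anonymous key exchange"
    if s.enc not in ALLOWED_ENC or s.enc_bits not in ALLOWED_AES_BITS:
        return "cipher %s(%d) not AES-128/192/256" % (s.enc, s.enc_bits)
    if s.mac not in ALLOWED_MAC:
        return "MAC %s weaker than SHA-256" % s.mac
    return None


def filter_suites(suites: List[Suite]) -> List[Suite]:
    return [s for s in suites if reject_reason(s) is None]


def dh_params_ok(dh_bits: int, rsa_bits: int) -> bool:
    """Assumed reading of the thread's rule: DH params of at least 2048 bits
    and not shorter than the RSA key they are used alongside."""
    return dh_bits >= 2048 and dh_bits >= rsa_bits


def usable_by_client(s: Suite, server_dh_bits: int, client_max_dh_bits: int) -> bool:
    """A DHE suite only works if the client accepts the server's DH size;
    ECDHE suites do not depend on the finite-field DH parameters at all."""
    if s.kx == "DH":
        return server_dh_bits <= client_max_dh_bits
    return True


if __name__ == "__main__":
    suites = parse_ciphers_v(SAMPLE_CIPHERS_V)
    for s in suites:
        print("%-28s %s" % (s.name, reject_reason(s) or "OK"))
    # Assumed client profile taken from the thread: Java 6/7 accepting DH
    # params up to 1024 bits. With 2048-bit server params, only the ECDHE
    # suites remain usable for such a client.
    server_dh_bits = 2048
    print("DH params ok for a 2048-bit RSA key:", dh_params_ok(server_dh_bits, 2048))
    usable = [s.name for s in filter_suites(suites)
              if usable_by_client(s, server_dh_bits, 1024)]
    print("Usable by a client limited to 1024-bit DH:", usable)
```

The practical consequence the script makes visible: once the DH parameters are raised above what a client's TLS stack accepts, every DHE suite silently drops out of that client's reachable set, so the recommended list has to keep ECDHE suites (with AES-128 among them) if such clients are to connect at all.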