[Ach] 8.5.1 key exchange -- feedback, please!

Aaron Zauner azet at azet.org
Wed Nov 20 18:36:34 CET 2013


On 20 Nov 2013, at 17:56, christian mock <cm at coretec.at> wrote:

> On Wed, Nov 20, 2013 at 03:23:16PM +0100, Adi Kriegisch wrote:
>> Hi!
>> 
>> I just started with the section about choosing your own cipher suite. The
>> idea is to first explain key exchange, authentication, encryption and
>> message authentication a little and give hints about good/bad algorithms.
>> 
>> Then move on to discuss how to select -- based on that knowledge -- cipher
>> suites in openssl syntax and what limitations a user/sysadmin may have to
>> deal with.
>> 
>> How do you like this structure? ...the content of section 8.5.1? ...and the
>> layout of that section?
> 
> regarding the
> 
> TODO: Team: do we need references for all cipher suites considered weak?

I think we should include such references!

> 
> What about a single reference indicating that key lengths <112 (or
> whatever) are considered evil?
> 
> The "key exchange" section looks complete, but it needs much more
> clarity, especially since this is very complicated. And what does the
> colorful table show? ;-)
> 
> cm.
> 
> 
> -- 
> Christian Mock                          Wiedner Hauptstr. 15
> Senior Security Engineer                1040 Wien
> CoreTEC IT Security Solutions GmbH      +43-1-5037273
> FN 214709 z
> 
> .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
> CoreTEC: Web Application Audit - Damit so etwas nicht passiert!
> 
> http://heise.de/-1260559
> 
> .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1091 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20131120/18080994/attachment.sig>


More information about the Ach mailing list