[Ach] 8.5.1 key exchange -- feedback, please!
Aaron Zauner
azet at azet.org
Wed Nov 20 18:36:34 CET 2013
On 20 Nov 2013, at 17:56, christian mock <cm at coretec.at> wrote:
> On Wed, Nov 20, 2013 at 03:23:16PM +0100, Adi Kriegisch wrote:
>> Hi!
>>
>> I just started with the section about choosing your own cipher suite. The
>> idea is to first explain key exchange, authentication, encryption and
>> message authentication a little and give hints about good/bad algorithms.
>>
>> Then move on to discuss how to select -- based on that knowledge -- cipher
>> suites in openssl syntax and what limitations a user/sysadmin may have to
>> deal with.
>>
>> How do you like this structure? ...the content of section 8.5.1? ...and the
>> layout of that section?
>
> regarding the
>
> TODO: Team: do we need references for all cipher suites considered weak?
I think we should include such references!
>
> What about a single reference indicating that key lengths <112 (or
> whatever) are considered evil?
>
> The "key exchange" section looks complete, but it needs much more
> clarity, especially since this is very complicated. And what does the
> colorful table show? ;-)
>
> cm.
>
>
> --
> Christian Mock Wiedner Hauptstr. 15
> Senior Security Engineer 1040 Wien
> CoreTEC IT Security Solutions GmbH +43-1-5037273
> FN 214709 z
>
> .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
> CoreTEC: Web Application Audit - Damit so etwas nicht passiert!
>
> http://heise.de/-1260559
>
> .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1091 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20131120/18080994/attachment.sig>
More information about the Ach
mailing list