[Ach] 8.5.1 key exchange -- feedback, please!

L. Aaron Kaplan kaplan at cert.at
Thu Nov 21 10:44:50 CET 2013

On Nov 21, 2013, at 10:28 AM, Adi Kriegisch <adi at kriegisch.at> wrote:

> Hi!
>> regarding the
>> TODO: Team: do we need references for all cipher suites considered weak?
>> What about a single reference indicating that key lengths <112 (or
>> whatever) are considered evil?
> Ok. Added this to section 8.3. Btw this NIST publication seems to be a good
> reference: http://csrc.nist.gov/publications/PubsSPs.html#800-57-part1
> For HMAC they specify SHA-1 for 128bit ciphers only (p65). And -- up to now
> -- I didn't even think about how many different keys 3DES may use: They
> give 80 bit on 3DES with two different keys and 112bit with 3 different
> keys...
>> The "key exchange" section looks complete, but it needs much more
>> clarity, especially since this is very complicated.
> Absolutely. References to publications explaining this in more detail are
> missing.
> Any experts here who want to take a look at this?
>> And what does the colorful table show? ;-)
> Hehe... This was me trying to use traffic light colors to show what to use
> and what not... I don't like the colors -- any suggestion on how to
> proceed?

IMHO: currently describe in textual form what you mean and leave the picture there 
but add a \todo{someone with graphical / info visualisation background should look at this figure}
This way , we don't lose the idea but at least make it clear that this was only a proposal so far.

My 2 cents,

> -- Adi
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach

// L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
// CERT Austria - http://www.cert.at/
// Eine Initiative der nic.at GmbH - http://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20131121/6b0cad9c/attachment.sig>

More information about the Ach mailing list