[Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox
azet at azet.org
Thu Jan 2 22:10:49 CET 2014
On 02 Jan 2014, at 21:51, Kurt Roeckx <kurt at roeckx.be> wrote:
> On Thu, Jan 02, 2014 at 09:33:24PM +0100, Aaron Zauner wrote:
>>> I *think* they want to prefer CAMELLIA to AES, judging by the published ciphersuite.
>>> But the construction must be wrong because it returns AES first. If the intent is to
>>> prefer Camellia, then I am most interesting in the rationale.
>> Thanks for reporting this!
>> Yes. The intent was to prefer Camellia where possible. First off we wanted to have more diversity. Second not everybody
>> is running a sandybridge (or newer) processor. Camellia has better performance for non-intel processors with about the
>> same security.
> I know that for AES people having been putting an effort in making
> this constant time. Having AES-NI clearly helps with this. I
> can't say the same for Camellia and so think it doesn't make sense
> to prefer it over AES.
> NSS/Firefox currently still has Camellia as first non-ECDHE and
> as result does use it for sites supporting it. But as far as I
> know it's the only browser supporting it, and the next version is
> going to prefer AES over Camellia all the time which resulted in
> it's usage going from about 5% to as good as 0%.
Sadly, yes. Camellia is a good cipher, but with AES-NI it’s almost irrelevant to TLS traffic.
> There has also been talk about either disbaling it by default
> or even dropping support for it but that currently didn't happen
That’s a good point. We might want to review this decision.
We generally do that during meet ups (are reported onto the ML) or on the mailing list.
What’s the take on the ChaCha20/Poly1305 proposal by the Mozilla Sec. Team by the way?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1091 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the Ach