[Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

Julien Vehent julien at linuxwall.info
Thu Jan 2 22:25:56 CET 2014

Hi Aaron,

On 2014-01-02 16:10, Aaron Zauner wrote:
> Hi Kurt,
> On 02 Jan 2014, at 21:51, Kurt Roeckx <kurt at roeckx.be> wrote:
>> On Thu, Jan 02, 2014 at 09:33:24PM +0100, Aaron Zauner wrote:
>>>> I *think* they want to prefer CAMELLIA to AES, judging by the 
>>>> published ciphersuite.
>>>> But the construction must be wrong because it returns AES first. 
>>>> If the intent is to
>>>> prefer Camellia, then I am most interesting in the rationale.
>>> Thanks for reporting this!
>>> Yes. The intent was to prefer Camellia where possible. First off we 
>>> wanted to have more diversity. Second not everybody
>>> is running a sandybridge (or newer) processor. Camellia has better 
>>> performance for non-intel processors with about the
>>> same security.

I would argue that our documents target server configurations, where 
AES-NI is now a standard.

> What’s the take on the ChaCha20/Poly1305 proposal by the Mozilla Sec.
> Team by the way?

There are 5 security teams at Mozilla, so Mozilla Sec Team is a very 
large group.
I think we all want a new stream cipher in TLS to replace RC4. But 
that's going
to take years, and won't help the millions of people who don't replace 
their software
that often.

 From an Operations Security point of view, the question is: how do we 
provide the
best security possible, with the cards we currently have in our hands, 
and without
discarding anybody. ChaCha20/Poly1305 isn't gonna help with that in the 
short term.

- Julien

More information about the Ach mailing list