[Ach] Improving Applied Crypto Hardening Draft
Axel Hübl
axel.huebl at web.de
Fri Jan 10 14:53:39 CET 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Agreed,
actually OpenSSL should have implemented now both namings for eliptic
curves as synonyms.
https://www.mail-archive.com/openssl-dev@openssl.org/msg33405.html
So maybe we can also change the cypher string to ECHDE (not tested
yet) and would stay consistent with the theory part/usual namings.
Best,
Axel
On 10.01.2014 14:32, Manuel Kraus wrote:
> Am Fri, 10 Jan 2014 11:22:26 +0100 schrieb Axel Hübl
> <axel.huebl at web.de>:
>
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
>>
>> Hi, On 10.01.2014 09:42, Manuel Kraus wrote:
>>
>>> a) Page 55
>>>
>>> Key Exchange Table
>>>
>>> - What is EECDH? Maybe you mean ECDHE instead?
>>
>> They are synonyms. One should state that since the theory section
>> always talks about "ECDHE" but the actual cypher is EECDH.
>>
>> One first attemp to improve for the Apache config that was done
>> in #33
>> https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/33
>>
>> but that problem occurs on other sections, too.
>>
>> Cheers Axel
>
> Thanks for the clarification!
>
> Well, the naming scheme seems to be quite inconsistent anyways. DHE
> vs. EDH, for example, meaning the same.
>
> But I'd like to recommend to strictly use the common crypto stack
> given acronyms, instead of putting new ones in. Since this draft
> ist targeted at system administrators, other naming variants are
> useless confusing (it has confused me already). For me it is the
> openssl package, which rules, so I would vote for "ECDHE" in this
> case. Well, unless it isn't named something else in other valid
> crypto stacks... or the guys around openssl change it. :-P
>
> Manuel
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
iQJ8BAEBCgBmBQJSz/tjXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRDMjAzN0EzNzlGM0JGMzFGQ0VFOTJDNENE
RDNGNjFFNUYxMTMyRjY1AAoJEN0/YeXxEy9lBMcQAIy7yebRkT/yW0+YzkqvOn2M
cjuyo971DJTrPWlN9o6a7Fd8LxlNCGg7CXcbVuR5bamj58r4GSkGNa6JQ4iTtKw0
G8X1nK0vB7me44hR6NxnhkphLuXgwOnlHlgtZlNwI1aR8AV3Qwl2vNPaJUT15yK1
8rEwzd6OGm+D7CvyrpTRXWvb4TUxThOEaPtoW+UlFCdRLIahtu/Fyi6i4iCPWS5t
N7xqd8opIOz0EGfoO5pOES3FpmRK/1hps5e6xYyw5yOCcTssc8Z6HhTOjZ8IgpZS
OGMz5q3ijwlkRA79KtADFk6k9KNbEpjj8muKX02yxrIS9CTVkwZjM0IATNHD5Hta
ELI0eHCZUTMQutBFiV/pJnXJDK39t9pKjqCKoN4tT4wYMZK1GBlOP65Z7oPxy7Pi
LC2gtU8yiriAOVd7lLF3rpf7/zIGJT+48Mfl3gnUSgunbGoQcoiY9eRyBxCwWp40
xU5fYm0E5xnCcL+V9XPkR/xz6yiDYYovoke3WptdV/jgm6Jbyk/AfoYXL0iqtizX
EEIsxk5f2MrR2UGxyQismCIiOMQoQeVHCZsxqfwu1k/zMOxeY5kmv+zItUQE+GaE
JhB2xD4M576smKIvvTgtjsrk4Hjx9U9N3ec9ifT1wVqlKe4927oG1Yq6xsRc0c7Q
SiXgkgGfF9aKWz+2S+mf
=mXR7
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3740 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20140110/137fdc82/attachment.bin>
More information about the Ach
mailing list