[Ach] Improving Applied Crypto Hardening Draft
axel.huebl at web.de
Fri Jan 10 14:53:39 CET 2014
-----BEGIN PGP SIGNED MESSAGE-----
actually OpenSSL should have implemented now both namings for eliptic
curves as synonyms.
So maybe we can also change the cypher string to ECHDE (not tested
yet) and would stay consistent with the theory part/usual namings.
On 10.01.2014 14:32, Manuel Kraus wrote:
> Am Fri, 10 Jan 2014 11:22:26 +0100 schrieb Axel Hübl
> <axel.huebl at web.de>:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
>> Hi, On 10.01.2014 09:42, Manuel Kraus wrote:
>>> a) Page 55
>>> Key Exchange Table
>>> - What is EECDH? Maybe you mean ECDHE instead?
>> They are synonyms. One should state that since the theory section
>> always talks about "ECDHE" but the actual cypher is EECDH.
>> One first attemp to improve for the Apache config that was done
>> in #33
>> but that problem occurs on other sections, too.
>> Cheers Axel
> Thanks for the clarification!
> Well, the naming scheme seems to be quite inconsistent anyways. DHE
> vs. EDH, for example, meaning the same.
> But I'd like to recommend to strictly use the common crypto stack
> given acronyms, instead of putting new ones in. Since this draft
> ist targeted at system administrators, other naming variants are
> useless confusing (it has confused me already). For me it is the
> openssl package, which rules, so I would vote for "ECDHE" in this
> case. Well, unless it isn't named something else in other valid
> crypto stacks... or the guys around openssl change it. :-P
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3740 bytes
Desc: S/MIME Cryptographic Signature
More information about the Ach