[Ach] Improving Applied Crypto Hardening Draft
ianG
iang at iang.org
Fri Jan 10 17:30:01 CET 2014
On 10/01/14 16:32 PM, Manuel Kraus wrote:
> Well, the naming scheme seems to be quite inconsistent anyways. DHE vs. EDH, for example, meaning the same.
I think (not 100% sure) that it is this:
DHE == Diffie-Hellman (key) Exchange
EDH == Ephemeral Diffie-Hellman (key exchange)
The term Ephemeral refers to the key being a public-key style of
operation (DH), but not saved in any context. The assumption of the PKI
crowd is that public keys have to be treated as religious artifacts to be
preserved and handed from generation to generation in ceremonies
involving sacrifices and cold and fire and brimstone.
Hence, when someone invented a new approach (use DH to generate a
protocol-forward-security PFS), they needed a whole new term to indicate
how evil this particular perversion was to everyone. And evil as it
was, typically the EDH modes were not promoted, along with that other
abomination:
ADH == Anonymous Diffie-Hellman (key exchange)
So sad. If they hadn't had such massive broomsticks up such tight
places, we would have had opportunistic crypto across the entire
webspace within a few years, and the upgrade path for cert SSL would
have been about a tenth as hard. Old rant.....
> But I'd like to recommend strictly using the acronyms given by the common crypto stack, instead of putting new ones in. Since this draft is targeted at system administrators, other naming variants are uselessly confusing (it has confused me already). For me it is the openssl package, which rules, so I would vote for "ECDHE" in this case. Well, unless it isn't named something else in other valid crypto stacks... or the guys around openssl change it. :-P
good luck !
iang
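Checking the naming point of this thread against the local OpenSSL build, as an added example that is not part of the original post or of the draft: Python's ssl module hands the cipher string to OpenSSL's own cipher-list parser, so it shows which suites each alias actually selects, confirms that "DHE" and "EDH" are the same alias, and shows that "ADH" selects only unauthenticated suites (the function names below are my own).

```python
"""List what the OpenSSL cipher-string aliases DHE, EDH, ADH and ECDHE select.

Python's ssl module passes the string to OpenSSL's SSL_CTX_set_cipher_list(),
so the result reflects the OpenSSL build installed on this machine.
"""
import ssl


def suites(cipher_string):
    """Return the pre-TLS 1.3 suite names OpenSSL selects for cipher_string.

    Returns an empty set when nothing matches (for example anonymous suites
    compiled out) instead of raising, so callers can compare sets directly.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:  # OpenSSL reports "no cipher match"
        return set()
    # TLS 1.3 suites are always reported and are not governed by the
    # cipher string, so drop them to see only what the alias selects.
    return {c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"}


def same_selection(a, b):
    """True if two cipher strings select exactly the same suites."""
    return suites(a) == suites(b)


def alias_report(aliases=("DHE", "EDH", "ADH", "ECDHE")):
    """Map each alias from the thread to the sorted suite names it selects."""
    return {alias: sorted(suites(alias)) for alias in aliases}


if __name__ == "__main__":
    for alias, names in alias_report().items():
        print(f"{alias:6s} {len(names):3d} suites, e.g. {names[:2]}")
    print("DHE and EDH select the same suites:", same_selection("DHE", "EDH"))
    # Anonymous DH (ADH) has no certificate authentication at all, so it is
    # a different set from authenticated ephemeral DH (DHE), not a subset.
    print("ADH overlaps DHE:", bool(suites("ADH") & suites("DHE")))
```

A server configuration that lists "ADH" or "aNULL" without a leading "!" therefore enables suites with no peer authentication, which is the check worth adding to any cipher-string review.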