[Ach] Improving Applied Crypto Hardening Draft
axel.huebl at web.de
Fri Jan 10 17:41:45 CET 2014
-----BEGIN PGP SIGNED MESSAGE-----
What about: Let us just add a
lists of abbreviations
in front of the theory section?
On 10.01.2014 17:30, ianG wrote:
> On 10/01/14 16:32 PM, Manuel Kraus wrote:
>> Well, the naming scheme seems to be quite inconsistent anyways.
>> DHE vs. EDH, for example, meaning the same.
> I think (not 100% sure) that it is this:
> DHE == Diffie-Hellman (key) Exchange EDH == Ephemeral
> Diffie-Hellman (key exchange)
> The term Ephemeral refers to the key being a public-key style of
> operation (DH), but not saved in any context. The assumption of
> the PKI crowd is that public keys have to treated as religious
> artifacts to be preserved and handed from generation to generation
> in ceremonies involving sacrifices and cold and fire and
> Hence, when someone invented a new approach (use DH to generate a
> protocol-forward-security PFS), they needed a whole new term to
> indicate how evil this particular perversion was to everyone. And
> evil as it was, typically the EDH modes were not promoted, along
> with that other abomination:
> ADH == Anonymous Diffie-Hellman (key exchange)
> So sad. If they hadn't had such massive broomsticks up such tight
> places, we would have had opportunistic crypto across the entire
> webspace within a few years, and the upgrade path for cert SSL
> would have been about a tenth as hard. Old rant.....
>> But I'd like to recommend to strictly use the common crypto
>> stack given acronyms, instead of putting new ones in. Since this
>> draft ist targeted at system administrators, other naming
>> variants are useless confusing (it has confused me already). For
>> me it is the openssl package, which rules, so I would vote for
>> "ECDHE" in this case. Well, unless it isn't named something else
>> in other valid crypto stacks... or the guys around openssl change
>> it. :-P
> good luck !
> _______________________________________________ Ach mailing list
> Ach at lists.cert.at
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3740 bytes
Desc: S/MIME Cryptographic Signature
More information about the Ach