[Ach] Improving Applied Crypto Hardening Draft
Axel Hübl
axel.huebl at web.de
Fri Jan 10 17:41:45 CET 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
What about: Let us just add a
lists of abbreviations
in front of the theory section?
Cheers,
Axel
On 10.01.2014 17:30, ianG wrote:
> On 10/01/14 16:32 PM, Manuel Kraus wrote:
>
>> Well, the naming scheme seems to be quite inconsistent anyways.
>> DHE vs. EDH, for example, meaning the same.
>
>
> I think (not 100% sure) that it is this:
>
> DHE == Diffie-Hellman (key) Exchange EDH == Ephemeral
> Diffie-Hellman (key exchange)
>
> The term Ephemeral refers to the key being a public-key style of
> operation (DH), but not saved in any context. The assumption of
> the PKI crowd is that public keys have to treated as religious
> artifacts to be preserved and handed from generation to generation
> in ceremonies involving sacrifices and cold and fire and
> brimstone.
>
> Hence, when someone invented a new approach (use DH to generate a
> protocol-forward-security PFS), they needed a whole new term to
> indicate how evil this particular perversion was to everyone. And
> evil as it was, typically the EDH modes were not promoted, along
> with that other abomination:
>
> ADH == Anonymous Diffie-Hellman (key exchange)
>
> So sad. If they hadn't had such massive broomsticks up such tight
> places, we would have had opportunistic crypto across the entire
> webspace within a few years, and the upgrade path for cert SSL
> would have been about a tenth as hard. Old rant.....
>
>
>> But I'd like to recommend to strictly use the common crypto
>> stack given acronyms, instead of putting new ones in. Since this
>> draft ist targeted at system administrators, other naming
>> variants are useless confusing (it has confused me already). For
>> me it is the openssl package, which rules, so I would vote for
>> "ECDHE" in this case. Well, unless it isn't named something else
>> in other valid crypto stacks... or the guys around openssl change
>> it. :-P
>
>
> good luck !
>
> iang
>
> _______________________________________________ Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
iQJ8BAEBCgBmBQJS0CLJXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRDMjAzN0EzNzlGM0JGMzFGQ0VFOTJDNENE
RDNGNjFFNUYxMTMyRjY1AAoJEN0/YeXxEy9lo+YP/2sWXaqtvbfQTQVQc6gMHoFw
9l9MiO/kZPvJwmYJCkoP+wKNaLQCpjarZEK/vtwcphYD+AUlg3/a7mUhEU83YYQ1
3SjjDlxtEOhlwmmcK90CmvC15VZwl+7IKwkzhZLlcDKL2VuOaj1vvTSs2G06kVSQ
uuBFJN3rJuKUdE0Ss9qGIrCs6jpRtlB2nu3Np/H89zoAjYtsigrnxCZTQgrIeG+Q
BJTP5h/tn75LZyz2MtTg/plYtp2JbDrGiMuyYZ8Ft/qKxmOWWN1zQzRRiNqsTcDe
aDTeOXxGUjQ9NVnNiylN44DTbvmxdeec46rsYCLAB48qYQHXtZibIiFRzjqf7ASj
0kGlDltqoqqfSvKMHPDJeEBzcc5ZNqxRyVL4r0PWykwmIjnrYM19xpcnRI6iYL0n
QqT9/Sk3Yw7vc0pAFtyGe/XG+8mxpyVan+bQ8P0nal2sumLOM+SaJIkWF6OlK44G
ADWJsEYjUE+Uu2DobqAXfgb7WccSrtBoHd2zxby5JqeiRc4LoOMYvM0jq73/OgJ+
XJUn7mX8oGTL5DGLPXYcsMnm3fpXhi8OhHiK9qmvVAV+iQ5bu/69QlbeN3Kc4EIg
44l+qlxvzV5FUKfEb+7DEeKkUhGipiPJKhKxJ++Qa+sbUf/wDhsqDr/aICOsiZ9Y
6EDJvr9O03J0XQIiO1vR
=zBif
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3740 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20140110/41ead5c9/attachment.bin>
More information about the Ach
mailing list