[Ach] considering your experience in selecting the perfect config string, would you...
Aaron Zauner
azet at azet.org
Sat Jun 28 02:44:36 CEST 2014
Follow up:
> for example: ECDHE + (Ed25519(EdDSA) || RSA) + ((AES-GCM ||
> AES-CTR-UMAC) || ChaCha20-Poly1305)
> (Good job here from the OpenSSH team supporting all of that ;))
By the way that agility also gives the benefit of better performance for
different architectures; Adam Langley has written about Googles
experience with preferring AES-GCM or ChaCha20-Poly1305 given a certain
architecture:
https://www.imperialviolet.org/2014/02/27/tlssymmetriccrypto.html
Ah yes, and use peer reviewed, secure, nothing-up-the-sleeve curves for
ECDHE. there should also be no way to negotiate for non-ephemeral key
transport.
Aaron
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20140628/72b18b97/attachment.sig>
More information about the Ach
mailing list