[Ach] considering your experience in selecting the perfect config string, would you...

Aaron Zauner azet at azet.org
Sat Jun 28 02:44:36 CEST 2014

Follow up:

> for example: ECDHE + (Ed25519(EdDSA) || RSA) + ((AES-GCM ||
> AES-CTR-UMAC) || ChaCha20-Poly1305)
> (Good job here from the OpenSSH team supporting all of that ;))

By the way that agility also gives the benefit of better performance for
different architectures; Adam Langley has written about Googles
experience with preferring AES-GCM or ChaCha20-Poly1305 given a certain

Ah yes, and use peer reviewed, secure, nothing-up-the-sleeve curves for
ECDHE. there should also be no way to negotiate for non-ephemeral key


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20140628/72b18b97/attachment.sig>

More information about the Ach mailing list