[Ach] meta-question on algorithm agility

René Pfeiffer lynx at luchs.at
Mon May 5 13:35:33 CEST 2014


On May 05, 2014 at 1229 +0100, ianG appeared and said:
> On 5/05/2014 11:48 am, René Pfeiffer wrote:
> > On May 05, 2014 at 1132 +0200, Hanno Böck appeared and said:
> >> On Fri, 02 May 2014 23:20:11 +0100
> >> ianG <iang at iang.org> wrote:
> >>
> >>> Imagine that algorithm agility was banned.  No more choice!  How much
> >>> resource would this free up?
> >> …
> >>
> >> Now I wonder: How would such a transition work without algorithm
> >> agility? I'm aware that algorithm agility doesn't work extremely well
> >> for the transition, but it works at least somewhat. We can e.g. probably
> >> at some point in the near future deprecate most of RC4 and SSL3 use.…
> > 
> > I agree. TLS isn't the only protocol where client/server choices leave room
> > for ambiguity. While HTTP 1.1 is getting pretty old, HTTP clients still
> > support HTTP 1.0. The transition would certainly be quicker, but even
> > modern search engine robots still opt for HTTP 1.0 given a choice. Few
> > people recompile their browsers to exclude HTTP 1.0 (and I don't think this
> > is controlled by a simple symbol definition).
> 
> HTTP 1.0 isn't dangerous.  It just lacks features for a liver web.

It was just an example of protocol tolerance (maybe a bad one); you will
find sufficient protocols/configs that affect security too. If it works,
people tend to use it no matter what the security is (see your local app
store for sleepless nights).

Best,
René.

-- 
  )\._.,--....,'``.  fL  Let GNU/Linux work for you while you take a nap.
 /,   _.. \   _\  (`._ ,. R. Pfeiffer <lynx at luchs.at> + http://web.luchs.at/
`._.-(,_..'--(,_..'`-.;.'  - System administration + Consulting + Teaching -
Got mail delivery problems?  http://web.luchs.at/information/blockedmail.php