[Ach] EDH/ECDH, AES128/AES256 - was: Secure E-Mail Transport based on DNSSec/TLSA/DANE

Gunnar Haslinger gh.bettercrypto at hitco.at
Tue Nov 3 22:59:35 CET 2015


On 03.11.2015 at 21:41, Terje Elde wrote:

> ... Camellia ....
> For systems I might not be responsible for in 5 years, I'd rather leave it in.

Could be a good decision or not, depending on how things come.
Maybe Camellia turns out to be broken earlier than AES. Then you have to
touch the systems you are not responsible for. So it's a 50:50 chance if
AES or Camellia gets broken earlier. If I have two ciphersuites enabled
the chance of having to change the configuration is doubled.

Turn back time 2 years.
You probably would have enabled AES and RC4.

Compare this to the question: Enable both AES+Camellia today?
2 years ago your argument would have led to having enabled both
RC4+AES.
So now, 2 years later, you have to reconfigure your configuration.


I think it's a personal decision how to deal with this
situation/question. As nobody can predict the future, the chance to do it
wrong is equal regardless of how you decide.





