[Ach] EDH/ECDH, AES128/AES256 - was: Secure E-Mail Transport based on DNSSec/TLSA/DANE

Aaron Zauner azet at azet.org
Fri Nov 6 18:10:00 CET 2015


Terje Elde wrote:
> Or to try to sum it up, if you support both (Camellia only at end of list), then:
> If neither cipher nor implementations has a problem, you’re fine.
> If AES has a problem, you’ll fall back to Camellia if either server or client disables AES.
> If Camellia has a problem, you’re fine, because you’ll use AES.
> If both has a problem, you’re still better off, because either your or browsers can steer things towards the “least broken”.

Oh well, the next mailing list where I have to defend the idea of
removing CAMELLIA (there's ongoing discussion about this on the IETF
OpenPGP list as well). My impression is that AES has seen /far/ more
cryptanalysis than CAMELLIA, especially in the last couple of years I've
barely seen any papers on CAMELLIA - we should rather recommend ciphers
that researchers have interest in attacking - otherwise there might be
some 'secret knowledge' (imagine some Nation State Agency, employing a
ton of mathematicians for example) about cryptanalysis of a certain cipher.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20151106/0c56a5f9/attachment.sig>

More information about the Ach mailing list