

Subject: RE: [security-services] TLS & SSL ciphersuite language


> However, there's a non-trivial installed-base issue. The way I suggest
> handling it is to specify..
>
>     TLS_RSA_WITH_3DES_EDE_CBC_SHA  (when using TLS)
>     SSL_RSA_WITH_3DES_EDE_CBC_SHA  (when using SSL)

I consider non-support for AES one of the best reasons for not using SSL. I think TLS should be the only mandatory to implement. Others can be allowed.

>
> ..as MUSTs (and therefore mandatory-to-implement) with the present
> installed base in mind. And then explicitly call out
> TLS_RSA_WITH_AES_128_CBC_SHA as a SHOULD, with the rationale somehow
> folded in.
>
> Are you suggesting we specify AES_128_CBC rather than AES_256_CBC based
> on performance or other considerations (e.g. generating longer keys is
> sometimes problematic randomness-wise)?

IMHO 128 bits is more than adequate key length for the foreseeable future. There is a non-trivial performance cost to using 192 or 256.

Hal


