OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [security-services] TLS & SSL ciphersuite language

Title: RE: [security-services] TLS & SSL ciphersuite language

> However, there's a non-trivial installed-base issue. The way
> I suggest handling
> it is to specify..
>     TLS_RSA_WITH_3DES_EDE_CBC_SHA  (when using TLS)
>     SSL_RSA_WITH_3DES_EDE_CBC_SHA  (when using SSL)

I consider non-support for AES one of the best reasons for not using SSL. I think TLS should be the only mandatory to implement. Others can be allowed.

> ..as MUSTs (and therefore mandatory-to-implement) with the
> present installed
> base in mind. And then explicitly call out
> SHOULD, with the rationale somehow folded in.
> Are you suggesting we specify AES_128_CBC rather than
> AES_256_CBC based on
> performance or other considerations (e.g. generating longer
> keys is sometimes
> problematic randomness-wise)?

IMHO 128 bits is more than adequate key length for the foreseeable future. There is a non-trivial performance cost to using 192 or 256.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC