Re: #612: 9.2.2 requirements

On 1 November 2014 12:50, "Martin J. Dürst" <duerst@it.aoyama.ac.jp> wrote:
>> I think it can be even easier than that. Given the assumption that no new
>> suites will be created with worse security properties than the banned ones,
>> the ciphersuite can be any of these three
>>
>> - Known and secure
>> - Known and insecure
>> - Unknown and secure
>
>
> Not necessarily true. Of course nobody wants to create new suites with worse
> properties, but just imagine a new suite that looks very good and gets
> introduced, but then a year or two down the line, a crucial flaw is found.
> For a piece of software that hasn't been updated during that time, the
> cipher is unknown but insecure.

The important distinction here is not "secure" or "not secure".  The
distinction is "AEAD" and "not AEAD", which is far more deterministic
than anything regarding security.  So: if you s/secure/AEAD/ in
Martin's list above, you get the right results.

(Note: I'm being imprecise here: it's not a requirement for AEAD, it's
a requirement for NOT stream or block.)

Received on Monday, 3 November 2014 20:20:31 UTC
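The classification the reply argues for, as an added worked example (not code from this thread, nor from any HTTP/2 or TLS implementation): the record-protection mode of a TLS 1.2 cipher suite (AEAD, CBC block, or stream) is read off the structure of its IANA name, so the decision is deterministic and does not change when a flaw is later found in a suite. The three-way policy in the quoted list is then applied to a negotiated code point. The code points and names in the table are the registered IANA values; the small table itself, the policy function and the unregistered placeholder code point 0xDEAD are constructed for this example.

```python
"""Classify TLS 1.2 cipher suites by record-protection mode, not by a
judgement of "secure", and apply the known-AEAD / known-non-AEAD / unknown
policy from the thread. Table and policy are constructed for this example."""

from enum import Enum


class Mode(Enum):
    AEAD = "aead"        # GCM, CCM, ChaCha20-Poly1305
    BLOCK = "block"      # CBC mode, MAC-then-encrypt
    STREAM = "stream"    # RC4 or NULL encryption
    UNKNOWN = "unknown"  # name does not carry a recognised mode token


# Registered IANA code points and names (TLS Cipher Suite registry).
# Deliberately small: the point is that suites outside this table are still
# classifiable as long as their name is known, and handled by policy if not.
KNOWN_SUITES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xCCA9: "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x0002: "TLS_RSA_WITH_NULL_SHA",
}


def mode_from_name(name):
    """Derive the mode from the IANA suite name. The mode token is structural,
    so this works for suites the table has never heard of, and it is the same
    answer before and after a cryptanalytic flaw is published."""
    if "_GCM_" in name or "_CCM" in name or "_POLY1305_" in name:
        return Mode.AEAD
    if "_CBC_" in name:
        return Mode.BLOCK
    if "_RC4_" in name or "_NULL_" in name:
        return Mode.STREAM
    return Mode.UNKNOWN


def classify(code_point):
    """Return one of the three categories from the thread's list, plus the
    derived mode, for a negotiated code point."""
    name = KNOWN_SUITES.get(code_point)
    if name is None:
        return "unknown", Mode.UNKNOWN
    mode = mode_from_name(name)
    if mode is Mode.AEAD:
        return "known and AEAD", mode
    return "known and not AEAD", mode


def http2_allows(code_point, assume_unknown_is_aead=True):
    """Policy: known AEAD suites pass, known block/stream suites are rejected
    (the 9.2.2 black-list case), and an unknown suite passes only under the
    stated assumption that no new block or stream suites will be registered.
    The flag exists so a deployment can turn that assumption off."""
    category, mode = classify(code_point)
    if category == "known and AEAD":
        return True
    if category == "known and not AEAD":
        return False
    return assume_unknown_is_aead


if __name__ == "__main__":
    # 0xDEAD is a placeholder for a code point this table does not know.
    for cp in (0xC02F, 0x002F, 0x0005, 0xDEAD):
        print(hex(cp), classify(cp), http2_allows(cp))
```

The caveat raised in the quoted reply is handled by what the code does not do: `mode_from_name` consults no list of "suites later found weak", so a suite's classification is fixed by its name, and a later flaw is a reason to update the table (or the policy flag), not a reason to reclassify the mode.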