NIST has an online PDF document dated 2005:
"Guidelines for the Selection and Use of Transport Layer Security (TLS)
Implementations"
http://csrc.nist.gov/publications/nistpubs/800-52/SP800-52.pdf
At the end they have a table of recommended TLS server cypher suites
that I took a snapshot and attach herewith. I think that we could
consider the as "strong suites" (=combination of publi key + symmetric
key + key lengths).
One problem is that the selection criteria includes only FIPS-approved
algorithms (a requirements for governmental use) which excludes RC4 and
IDEA which can be cryptographically strong too.
Luis
-----Original Message-----
From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org]
On Behalf Of Web Security Context Working Group Issue Tracker
Sent: den 11 oktober 2007 13:48
To: public-wsc-wg@w3.org
Subject: ISSUE-128: Strong / weak algorithms? [Techniques]
ISSUE-128: Strong / weak algorithms? [Techniques]
http://www.w3.org/2006/WSC/track/issues/
Raised by: Thomas Roessler
On product: Techniques
The current text includes a placeholder for strong TLS alorithms,
intended to be filled by reference. What do we put there?
http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#strong-algos
