- From: Martin J. Dürst <duerst@it.aoyama.ac.jp>
- Date: Sun, 02 Nov 2014 04:50:13 +0900
- To: Martin Nilsson <nilsson@opera.com>, ietf-http-wg@w3.org

On 2014/11/02 01:53, Martin Nilsson wrote:
> I think it can be even easier than that. Given the assumption that no new suites
> will be created with worse security properties than the banned ones the
> ciphersuite can be any of these three
>
> - Known and secure
> - Known and insecure
> - Unknown and secure

Not necessarily true. Of course nobody wants to create new suites with worse properties, but just imagine a new suite that looks very good and gets introduced, but then a year or two down the line, a crucial flaw is found. For a piece of software that hasn't been updated during that time, the cypher is unknown but insecure.

Regards, Martin.

Received on Saturday, 1 November 2014 19:50:46 UTC