- From: Hallam-Baker, Phillip <pbaker@verisign.com>
- Date: Mon, 15 Oct 2007 20:26:04 -0700
- To: "Luis Barriga" <luis.barriga@ericsson.com>, "Web Security Context Working Group WG" <public-wsc-wg@w3.org>
- Message-ID: <2788466ED3E31C418E9ACC5C31661557084EC4@mou1wnexmb09.vcorp.ad.vrsn.com>
IDEA is not currently well thought of, can't remember if it is definitively broken but it's certainly no longer A list.

RC4 is a somewhat problematic cipher. It has to be done just right. The TLS implementation is considered good, others (e.g. WEP) are broken. But it's still a stream cipher and much less robust in use than a good block cipher.

I don't think we should write an exhaustive list of strong ciphers. The most we should do is to note that there is a set of ciphers that the consensus recognizes as being acceptably strong which should be supported.

________________________________

From: public-wsc-wg-request@w3.org on behalf of Luis Barriga
Sent: Thu 11/10/2007 10:02 AM
To: Web Security Context Working Group WG
Subject: RE: ISSUE-128: Strong / weak algorithms? [Techniques]

NIST has an online PDF document dated 2005: "Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations"

http://csrc.nist.gov/publications/nistpubs/800-52/SP800-52.pdf

At the end they have a table of recommended TLS server cypher suites that I took a snapshot and attach herewith. I think that we could consider them as "strong suites" (=combination of public key + symmetric key + key lengths).

One problem is that the selection criteria includes only FIPS-approved algorithms (a requirement for governmental use) which excludes RC4 and IDEA which can be cryptographically strong too.

Luis

-----Original Message-----
From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On Behalf Of Web Security Context Working Group Issue Tracker
Sent: den 11 oktober 2007 13:48
To: public-wsc-wg@w3.org
Subject: ISSUE-128: Strong / weak algorithms? [Techniques]

ISSUE-128: Strong / weak algorithms? [Techniques]

http://www.w3.org/2006/WSC/track/issues/

Raised by: Thomas Roessler
On product: Techniques

The current text includes a placeholder for strong TLS algorithms, intended to be filled by reference. What do we put there?

http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#strong-algos
Received on Tuesday, 16 October 2007 03:30:30 UTC