[cryptography] the spell is broken

Alan Braggins alan.braggins at gmail.com
Fri Oct 4 05:24:56 EDT 2013


On 04/10/13 08:52, Peter Gutmann wrote:
> Jon Callas <jon at callas.org> writes:
>
>> In Silent Text, we went far more to the "one true ciphersuite" philosophy. I
>> think that Iang's writings on that are brilliant.
>
> Absolutely.  The one downside is that you then need to decide what the OTS is
> going to be.  For example Mozilla (at least via Firefox) seems to think it
> involves Camellia (!!!?!!?).

Surely that's precisely because they (and SSL/TLS generally) _don't_
have a One True Suite, they have a "pick a suite, any suite" approach?

Weird/vanity/local ciphers are "preferred" in the sense that NSS
assumes that if you put a cipher that no-one normal uses in your
list of acceptable ciphers, you probably really wanted to use it.
http://crypto.stackexchange.com/a/6548/5249
https://bug430875.bugzilla.mozilla.org/attachment.cgi?id=319703

So when servers and browsers that aren't required to use it by the
Japanese government include it just because it's lying around
and why not, it gets chosen over AES for no particular reason.
But that's not the same as making it part of the One True Suite.



More information about the cryptography mailing list