[cryptography] the spell is broken

Jeffrey Goldberg jeffrey at goldmark.org
Fri Oct 4 17:58:21 EDT 2013


On 2013-10-04, at 4:24 AM, Alan Braggins <alan.braggins at gmail.com> wrote:

> Surely that's precisely because they (and SSL/TLS generally) _don't_
> have a One True Suite, they have a "pick a suite, any suite" approach?

And for those of us having to choose between preferring BEAST and RC4
for our webservers, it doesn’t look like we are really seeing the expected
benefits of “negotiate a suite”.  I’m not trying to use this to condemn the
approach; it’s a single example. But it’s a BIG single example.




More information about the cryptography mailing list