[cryptography] ciphersuite revocation model? (Re: the spell is broken)

Peter Todd pete at petertodd.org
Sat Oct 5 08:57:14 EDT 2013


On Sat, Oct 05, 2013 at 02:29:11PM +0200, Natanael wrote:
> Should we create some kind of CRL style protocol for algorithms? Then we'd
> have a bunch of servers run by various organizations specialized on
> crypto/computer security that can issue warnings against unsecure
> algorithms, as well as cipher modes and combinations of ciphers and
> whatever else it might be. And your client software would "subscribe" to a
> bunch of those servers.

Just make sure you sign your protocol revocation message using more than
one protocol...

Speaking of as a last ditch measure you can two messages that hash to
the same digest as a type of revocation message.

-- 
'peter'[:-1]@petertodd.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20131005/3c4cba16/attachment.asc>


More information about the cryptography mailing list