[cryptography] the spell is broken

Jeffrey Walton noloader at gmail.com
Sat Oct 5 17:47:09 EDT 2013


On Sat, Oct 5, 2013 at 3:13 PM, Erwann Abalea <eabalea at gmail.com> wrote:
>
> 2013/10/4 Paul Wouters <paul at cypherpunks.ca>
>>
>> [...]
>> People forget the NSA has two faces. One side is good.  NIST and FIPS
>> and NSA are all related. One lesson here might be, only use FIPS when
>> the USG requires it. That said, a lot of FIPS still makes sense. I'm
>> surely not going to stick with md5 or sha1.
>>
>
> We're still using HMAC-SHA1 for most TLS ciphersuites, RSA(MD5||SHA1) for
> TLS signatures (until TLS1.2), and RSA(SHA1) to sign (EC)DHE parameters.
> SHA1 is still there.
>
>>> There are alternatives, it doesn't hurt to get them in place.
>>
>> Yes, like the IETF brainpool drafts.
>
> RFC5639 standardized the curves, RFC7027 allows them to be used for TLS.
> They're no longer drafts.
>
Do you know if there's a standard name and OID assigned to Dr.
Bernstein's gear? IETF only makes one mention of 25519 in the RFC
search, and it's related to TLS and marked TBD.

Lack of a mailing list for NaCl is crippling.

(Sorry to wander a bit).

Jeff
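As an added illustration (not part of the thread, and not code from any of the posters), here is what the "RSA(MD5||SHA1)" ServerKeyExchange signature input Erwann refers to looks like next to the TLS 1.2 single-hash form, plus a small helper that reads the record MAC off an IANA cipher-suite name so the suites still leaning on HMAC-SHA1 stand out. The randoms and DH values are constructed samples.

```python
import hashlib
import struct

# Constructed sample values (not from any real session).
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
DH_P, DH_G, DH_YS = 23, 5, 8  # toy DH values, for illustration only


def encode_dh_params(p: int, g: int, ys: int) -> bytes:
    """ServerDHParams (RFC 2246 7.4.3): three opaque<1..2^16-1> fields."""
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out


def signed_input_pre_tls12(client_random: bytes, server_random: bytes, params: bytes) -> bytes:
    """TLS 1.0/1.1 RSA signature input: MD5(data) || SHA1(data), a 36-byte value
    the server signs directly with PKCS#1 v1.5 (no DigestInfo wrapper)."""
    data = client_random + server_random + params
    return hashlib.md5(data).digest() + hashlib.sha1(data).digest()


def signed_input_tls12(client_random: bytes, server_random: bytes, params: bytes,
                       hash_name: str = "sha256") -> bytes:
    """TLS 1.2 (RFC 5246 7.4.3): one negotiated hash over the same data."""
    data = client_random + server_random + params
    return hashlib.new(hash_name, data).digest()


def record_mac_of_suite(suite: str) -> str:
    """Name the record-layer MAC implied by an IANA cipher-suite name.
    AEAD suites (GCM/CCM/CHACHA20) carry no HMAC; their trailing hash names the PRF."""
    if any(tag in suite for tag in ("_GCM_", "_CCM", "CHACHA20")):
        return "AEAD"
    tail = suite.rsplit("_", 1)[-1]
    return {"MD5": "HMAC-MD5", "SHA": "HMAC-SHA1", "SHA256": "HMAC-SHA256",
            "SHA384": "HMAC-SHA384"}.get(tail, "unknown")


if __name__ == "__main__":
    params = encode_dh_params(DH_P, DH_G, DH_YS)
    print(len(signed_input_pre_tls12(CLIENT_RANDOM, SERVER_RANDOM, params)), "bytes (MD5||SHA1)")
    print(len(signed_input_tls12(CLIENT_RANDOM, SERVER_RANDOM, params)), "bytes (SHA-256)")
    for s in ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"):
        print(s, "->", record_mac_of_suite(s))
```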

