On 16 Jan 2014, at 20.24, Chris Cappuccio <ch...@nmedia.net> wrote:
>
> Block traffic with specific ciphers from traversing the network? That's sci-fi
>
You’re right again - this stuff is futuristic, but it could potentially be accomplished via inspection of unencrypted packet headers, etc. (i.e. via packet-pattern/flow analysis). However, it could likely be accomplished for things that access the machine itself. We are getting into the realm of wirespeed DPI now. If we won’t be doing it, somebody else will. What are our efforts worth if the crypto exists in silos and is vulnerable to side-channel attacks? Is it really worth delegating these sorts of things to ports?