please disregard this mail I mixed up the behavior of roundup and trac. feel free to comment on ticket #6663 though.
Am 16.08.2013 um 08:19 schrieb Hynek Schlawack <h...@ox.cx>: >>> 1. That there is a consent on high quality ciphers: for example right >> now there are roughly two fractions who agree what is the lesser evil: RC4 >> or AES-CBC. >> >> No, it is now clear that RC4 is the greater evil. The browsers have >> deployed defenses against the "BEAST" attack on CBC (the defense is "1/n-1 >> record splitting"), and BEAST is an active attack which can only be used >> in some cases and which tends to leave evidence of the attempt. On the >> other hand, RC4 is apparently vulnerable to passive attacks, which are >> more serious. >> >> (If I'm wrong and there actually *is* a faction who still prefers RC4 >> despite the recent results against it, I'd like to read about it!) > > I’m not going to argue ciphers with you because you’re obviously right and I > already wrote elsewhere that I’m going to full defer to your judgement here. > > To explain where the above came from and eg. Qualys is still somewhat for RC4 > as a fallback cipher: to the best of my knowledge[1], Apple’s desktop Safari > browser ''still'' hasn’t activated record splitting in its latest version and > is thus still vulnerable to BEAST (and doesn’t support TLS>1). But that’s > probably a corner case enough to ignore in the defaults and will hopefully > resolve itself in Mavericks. > > [1]: Mostly from > https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what > and I’m not aware of any changes. > _______________________________________________ > Twisted-Python mailing list > Twisted-Python@twistedmatrix.com > http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
