> On 15 Apr 2016, at 16:36, Aaron Zauner <a...@azet.org> wrote:
>
> by these sorts of attackers? If not, I wouldn't include those directives.
>
> I'm not sure if that answers your question w.r.t. downgrade attacks, but a quick comment on changes between the TLS versions: TLS 1.2 introduces AEAD (authenticated encryption with associated data); these modes are currently the only ones considered secure by academia. For example, 1.1 doesn't support GCM, CCM, etc., so you end up with CBC or RC4, both of which are at the very least broken in lab settings, and these attacks have been improved by quite a bit over the last couple of years, so that might be something to consider. 1.2 also removed MD5 and SHA1 as PRFs and made them configurable in cipher-suites (e.g. SHA256).
I think it's worth noting that these attacks are currently unfeasible for SMTP traffic to the best of my knowledge, but their use should be discouraged. And for e.g. RC4, an RFC exists prohibiting its further use in standards.

Aaron
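As an added illustration of the distinction drawn above between AEAD suites and the CBC/RC4 suites with MD5 or SHA-1 MACs (example code written for this page, not from the thread or from any IETF draft): a small audit that parses IANA-style cipher-suite names of the form TLS_<key exchange>_WITH_<bulk cipher>[_<hash>] and reports every suite that is not an AEAD mode or that still relies on MD5/SHA-1 as MAC or PRF. The policy it enforces (TLS 1.2 AEAD suites only, SHA-256 or stronger PRF) and the sample suite list are assumptions constructed for the example; the naming convention is the real IANA one.

```python
import re

# Constructed sample: a mixed cipher-suite list such as an SMTP server might offer.
# Not taken from any real server.
SAMPLE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CCM",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]

HASH_TOKENS = {"MD5", "SHA", "SHA256", "SHA384"}   # "SHA" denotes SHA-1 in IANA names
AEAD_SUFFIXES = ("GCM", "CCM", "CCM_8", "CHACHA20_POLY1305")


def classify_suite(name):
    """Split an IANA name TLS_<kx>_WITH_<cipher>[_<hash>] into its parts.

    Returns the key exchange, the bulk cipher, its mode ("AEAD", "CBC", "RC4",
    "NULL" or "OTHER"), the hash used as HMAC and/or PRF, and an ``aead`` flag.
    """
    m = re.fullmatch(r"TLS_(.+?)_WITH_(.+)", name)
    if not m:
        raise ValueError(f"not an IANA cipher-suite name: {name}")
    kx, rest = m.groups()
    tokens = rest.split("_")
    # A trailing hash token names the HMAC (CBC/RC4 suites) or only the PRF
    # (AEAD suites). CCM suites carry no hash token; TLS 1.2 then uses the
    # default SHA-256 PRF.
    if tokens[-1] in HASH_TOKENS:
        hash_alg = tokens.pop()
    else:
        hash_alg = "SHA256"
    cipher = "_".join(tokens)
    if cipher.startswith("NULL"):
        mode = "NULL"
    elif cipher.endswith(AEAD_SUFFIXES):
        mode = "AEAD"
    elif "CBC" in tokens:
        mode = "CBC"
    elif tokens[0] == "RC4":
        mode = "RC4"
    else:
        mode = "OTHER"
    return {"kx": kx, "cipher": cipher, "mode": mode,
            "hash": hash_alg, "aead": mode == "AEAD"}


def policy_violations(name):
    """Reasons a suite fails the assumed 'TLS 1.2, AEAD only' policy ([] if it passes)."""
    info = classify_suite(name)
    reasons = []
    if not info["aead"]:
        reasons.append(f"{info['mode']} bulk cipher is not AEAD")
    if info["hash"] == "MD5":
        reasons.append("MD5 as MAC/PRF")
    elif info["hash"] == "SHA":
        reasons.append("SHA-1 as MAC/PRF")
    return reasons


def audit(suites):
    """Partition a suite list into accepted names and {rejected name: reasons}."""
    accepted, rejected = [], {}
    for suite in suites:
        violations = policy_violations(suite)
        if violations:
            rejected[suite] = violations
        else:
            accepted.append(suite)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = audit(SAMPLE_SUITES)
    print("accepted:", *ok, sep="\n  ")
    for suite, reasons in bad.items():
        print(f"rejected {suite}: {'; '.join(reasons)}")
```

Running it on the constructed list keeps the three GCM/CCM/ChaCha20-Poly1305 suites and rejects the CBC and RC4 ones, with a second reason attached where the suite also depends on MD5 or SHA-1. Note that the hash suffix on an AEAD suite only selects the PRF (the point made above about 1.2 making it configurable), whereas on a CBC or RC4 suite it is the HMAC protecting the record itself.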
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta