[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [TLS] Serious crypto problem fixed by envelope HMAC method instead of currently used prefix
"Omirjan Batyrbaev" <batyr@xxxxxxxxxxxx> writes:
>I propose to use envelope method instead of currently used prefix method in
>HMAC. The measure is important especially since it was pointed out that the
>NULL cipher suites have a real use and since some ciphers are intentionally
>weak.
To quote one of the endless Police Academy films, "Is all this crap really
necessary?". We've now got to the point where people are proposing to make
significant, incompatible changes to core portions of TLS just to support
broken, insecure mechanisms that should never be used in the first place. If
people want to have weak security, let them have weak security, but don't make
the rest of TLS suffer because of it. Or of you really think this is needed,
put it in a separate profile of TLS so everyone else can stick with the
standard mechanisms.
Peter "little sympathy has been extended" (from the Vax assembler manual)
_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls