On 18/11/2015 00:25, Salz, Rich wrote:
>
> I have seen rumors (nothing reliable) that the TLS WG is proposing
> to disable a whole lot of good cipher suites in TLS 1.3.
>
> Well, it's pretty easy to verify. Look at the IETF TLS-WG web page,
> and get a pointer to the current draft doc.
>
> Yes, TLS removes non-AEAD ciphers, and has only PFS key exchange.
>

What I have seen of AEAD ciphers, they tend to be designed right
"at the margin" in terms of security, compared to traditional
combinations of one MAC algorithm with a different encryption
algorithm, where the different algorithms tend to protect each
other against many attacks.

The recent NSA notes on post-suite B and quantum-resistant
algorithms remind us that all of the PFS key exchanges (DH and
ECDH) available are vulnerable to decryption of wiretapped
(recorded) transmissions once a real quantum computer is built
by anyone. So are the other public key exchange algorithms in
TLS, but not the PSK algorithms without PFS.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded