[Security] TLS Certificates Verification

Dave Cridland dave at cridland.net
Tue Aug 19 17:08:51 CDT 2008


On Tue Aug 19 22:42:55 2008, Eric Rescorla wrote:
> So, I would definitely hope that any new protocol we decided on  
> would
> have enough algorithm agility to
> let us upgrade to newer algorithms--though as the experience with  
> TLS
> 1.2 showed, this is often
> easier said than done.
> 
> 
Sure, but at least we have the general capability to change  
ciphersuites in TLS, and hash algorithms in SCRAM. And we can switch  
away from SCRAM entirely, and upgrade TLS yet again, if needs be.


> That said, if Quantum Computing suddenly allows us to factor  
> 1024-bit
> numbers in practical periods
> of time, we've probably got a huge problem and it's not clear how to
> salvage any of our
> protocols.

One time pads make great Christmas presents, especially when sent  
over a single fibre encoded in the polarization of the photons.

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade


More information about the Security mailing list