[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Issue 282: cipher suites, discussion needed
You could just leave this to the TLS specification. For version 1.0 and 1.1 it is TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA and for 1.2 it is TLS_RSA_WITH_AES_128_CBC_SHA. If it is common today for implementations also to implement the RC4 ciphers you can have that as a recommendation as well. Something like:
"RADSEC implementation MUST support he mandatory to implement cipher suites specified in TLS. For purposes of compatibility with some current deployments implementations SHOULD support TLS_RSA_WITH_RC4_128_SHA as well."
> -----Original Message-----
> From: Stefan Winter [mailto:email@example.com]
> Sent: Wednesday, February 11, 2009 1:13 AM
> To: Joseph Salowey (jsalowey)
> Cc: firstname.lastname@example.org
> Subject: Issue 282: cipher suites, discussion needed
> > 3. I'm not sure I understand the choice of ciphersuites.
> > Why is TLS_RSA_WITH_RC4_128_SHA recommended? It seems that
> it would
> > be much preferable to use AES or 3DES?
> I could use a little help here. Is there anyone willing to
> investigate cipher suite selection? An alternative would be
> to follow the path of e.g. the EAP tunnel reqs, which cite
> NIST references for acceptable cipher suites...
> Stefan Winter
> Stefan WINTER
> Ingenieur de Recherche
> Fondation RESTENA - Réseau Téléinformatique de l'Education
> Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi
> L-1359 Luxembourg
> Tel: +352 424409 1
> Fax: +352 422473
to unsubscribe send a message to email@example.com with
the word 'unsubscribe' in a single line as the message text body.