oss-sec mailing list archives
Re: cryptographic primitive choices [was: Re: Microsoft Warns Customers Away From RC4 and SHA-1]
From: Seth Arnold <seth.arnold () canonical com>
Date: Fri, 15 Nov 2013 11:38:28 -0800
On Thu, Nov 14, 2013 at 11:58:47PM -0700, Kurt Seifried wrote:
Think of all the things that currently use (often older versions of) OpenSSL/PolarSSL/GnuTLS/etc and will never get updated...
This is an argument for agressively assigning CVEs. If we're going to have devices on our networks that are known to be a decade behind the state of technology we should clearly label them as the security risk they are. (TLS 1.2 is over five years old.) Thanks
Attachment:
signature.asc
Description: Digital signature
Current thread:
- Re: Microsoft Warns Customers Away From RC4 and SHA-1, (continued)
- cryptographic primitive choices [was: Re: Microsoft Warns Customers Away From RC4 and SHA-1] Daniel Kahn Gillmor (Nov 13)
- Re: cryptographic primitive choices [was: Re: Microsoft Warns Customers Away From RC4 and SHA-1] Tim (Nov 14)
- Re: cryptographic primitive choices [was: Re: Microsoft Warns Customers Away From RC4 and SHA-1] Kurt Seifried (Nov 14)
- Re: cryptographic primitive choices [was: Re: Microsoft Warns Customers Away From RC4 and SHA-1] Chris Palmer (Nov 14)
- Re: cryptographic primitive choices [was: Re: Microsoft Warns Customers Away From RC4 and SHA-1] Kurt Seifried (Nov 14)
- Re: cryptographic primitive choices [was: Re: Microsoft Warns Customers Away From RC4 and SHA-1] Chris Palmer (Nov 15)
- Re: cryptographic primitive choices [was: Re: Microsoft Warns Customers Away From RC4 and SHA-1] Kurt Seifried (Nov 15)
- Re: cryptographic primitive choices [was: Re: Microsoft Warns Customers Away From RC4 and SHA-1] Marcus Meissner (Nov 15)
- Re: cryptographic primitive choices [was: Re: Microsoft Warns Customers Away From RC4 and SHA-1] Tim (Nov 15)
- Re: cryptographic primitive choices [was: Re: Microsoft Warns Customers Away From RC4 and SHA-1] Seth Arnold (Nov 15)