Re: [TLS] Issue 56: AES as MTI
Mike <mike-list@pobox.com> Fri, 14 September 2007 21:17 UTC
Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IWIXg-0004Yr-1c; Fri, 14 Sep 2007 17:17:36 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IWIXe-0004YS-Cj for tls@ietf.org; Fri, 14 Sep 2007 17:17:34 -0400
Received: from sceptre.pobox.com ([207.106.133.20]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IWIXd-0003Fl-7y for tls@ietf.org; Fri, 14 Sep 2007 17:17:34 -0400
Received: from sceptre (localhost.localdomain [127.0.0.1]) by sceptre.pobox.com (Postfix) with ESMTP id A5AA22FA for <tls@ietf.org>; Fri, 14 Sep 2007 17:17:54 -0400 (EDT)
Received: from [192.168.1.8] (wsip-24-234-114-35.lv.lv.cox.net [24.234.114.35]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by sceptre.sasl.smtp.pobox.com (Postfix) with ESMTP id 773067E9B8 for <tls@ietf.org>; Fri, 14 Sep 2007 17:17:54 -0400 (EDT)
Message-ID: <46EAFA60.3000402@pobox.com>
Date: Fri, 14 Sep 2007 14:17:20 -0700
From: Mike <mike-list@pobox.com>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: tls@ietf.org
Subject: Re: [TLS] Issue 56: AES as MTI
References: <20070912231150.ED1D533C21@delta.rtfm.com> <65C7072814858342AD0524674BCA2CDB0D2E6E3E@rsana-ex-hq2.NA.RSA.NET> <20070912232636.2B5FE33C21@delta.rtfm.com> <5E75C29FF611C298B79DC0E1@[10.1.110.5]>
In-Reply-To: <5E75C29FF611C298B79DC0E1@[10.1.110.5]>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 7bac9cb154eb5790ae3b2913587a40de
Cc:
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
> As far as I can tell, the real-world MTI for SSL/TLS as deployed is > RC4. Yes, I've noticed this in my testing. Many servers will pick RC4_MD5 even though it is last in my cipher list. Examples are apple.com, ibm.com, amazon.com, verisign.com. When confronted with only AES ciphers, most will negotiate it, but, for example, Verisign won't (they do support 3DES though). Mike _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Issue 56: AES as MTI Eric Rescorla
- Re: [TLS] Issue 56: AES as MTI Eric Rescorla
- RE: [TLS] Issue 56: AES as MTI Joseph Salowey (jsalowey)
- Re: [TLS] Issue 56: AES as MTI Mike
- [TLS] Re: Issue 56: AES as MTI Simon Josefsson
- Re: [TLS] Issue 56: AES as MTI Russ Housley
- Re: [TLS] Issue 56: AES as MTI Chris Newman
- Re: [TLS] Issue 56: AES as MTI Nelson B Bolyard
- Re: [TLS] Issue 56: AES as MTI Mike
- Re: [TLS] Issue 56: AES as MTI Eric Rescorla
- Re: [TLS] Issue 56: AES as MTI Russ Housley
- Re: [TLS] Issue 56: AES as MTI Chris Newman
- Re: [TLS] Issue 56: AES as MTI Nelson B Bolyard
- Re: [TLS] Issue 56: AES as MTI Nicolas Williams