Re: [TLS] Issue 56: AES as MTI

Mike <mike-list@pobox.com> Fri, 14 September 2007 21:17 UTC

Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IWIXg-0004Yr-1c; Fri, 14 Sep 2007 17:17:36 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IWIXe-0004YS-Cj for tls@ietf.org; Fri, 14 Sep 2007 17:17:34 -0400
Received: from sceptre.pobox.com ([207.106.133.20]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IWIXd-0003Fl-7y for tls@ietf.org; Fri, 14 Sep 2007 17:17:34 -0400
Received: from sceptre (localhost.localdomain [127.0.0.1]) by sceptre.pobox.com (Postfix) with ESMTP id A5AA22FA for <tls@ietf.org>; Fri, 14 Sep 2007 17:17:54 -0400 (EDT)
Received: from [192.168.1.8] (wsip-24-234-114-35.lv.lv.cox.net [24.234.114.35]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by sceptre.sasl.smtp.pobox.com (Postfix) with ESMTP id 773067E9B8 for <tls@ietf.org>; Fri, 14 Sep 2007 17:17:54 -0400 (EDT)
Message-ID: <46EAFA60.3000402@pobox.com>
Date: Fri, 14 Sep 2007 14:17:20 -0700
From: Mike <mike-list@pobox.com>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: tls@ietf.org
Subject: Re: [TLS] Issue 56: AES as MTI
References: <20070912231150.ED1D533C21@delta.rtfm.com> <65C7072814858342AD0524674BCA2CDB0D2E6E3E@rsana-ex-hq2.NA.RSA.NET> <20070912232636.2B5FE33C21@delta.rtfm.com> <5E75C29FF611C298B79DC0E1@[10.1.110.5]>
In-Reply-To: <5E75C29FF611C298B79DC0E1@[10.1.110.5]>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 7bac9cb154eb5790ae3b2913587a40de
Cc:
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

> As far as I can tell, the real-world MTI for SSL/TLS as deployed is 
> RC4.

Yes, I've noticed this in my testing.  Many servers will pick RC4_MD5
even though it is last in my cipher list.  Examples are apple.com,
ibm.com, amazon.com, verisign.com.  When confronted with only AES
ciphers, most will negotiate it, but, for example, Verisign won't
(they do support 3DES though).

Mike

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls