[ALUG] Mozilla will obsolete HTTP

Alan Orth alan.orth at gmail.com
Tue May 5 10:09:48 EAT 2015


I liked this point from the recent (virtual) meeting with Snowden in
Princeton[0]:

"Cryptanalysis has been seen of RC4, but not of elliptic curve crypto, and
there's no sign of exploits against other commonly used algorithms. Of
course, the vendors of some products have been coopted, notably skype.
Homegrown crypto is routinely problematic, but properly implemented crypto
keeps the agency out; gpg ciphertexts with RSA 1024 were returned as fails."

The NSA is mostly opportunistic: sabotaging standards, collecting
plaintext, strong-arming companies like Skype, etc. But the math is good.
Elliptic curve cryptography is ok. AES is solid. Use "forward secret"
ciphers where possible (Diffie-Hellman Ephemeral, aka DHE, and Elliptic
Curve Diffie-Hellman Ephemeral, aka ECDHE) so that people recording your
encrypted communications can't re-play them later when they get your
server's private key. :)

Alan

[0] https://www.lightbluetouchpaper.org/2015/05/02/meeting-snowden-in-princeton/

On Tue, May 5, 2015 at 12:21 AM, Andreas Tauscher via Linux <
linux at lists.habari.co.tz> wrote:

>
> >> As I said, this will at first only affect sites using http2.
> >
> > Oh ok, the Mozilla announcement makes no mention of http2. It is
> > surprising that they don't mention it.
>
> It was only an announcement of what will be done in the medium/long term.
> What finally will be disabled: The discussion is still going on. The
> only thing that is sure: http2 is working only over TLS.
> Also the W3C is discussing which features should or must be available
> only over TLS.
> Will take some time.
> What is written on the Hitchhiker's Guide in big, friendly letters: Don't
> Panic
>
>
> _______________________________________________
> The Arusha Linux User Group: http://unix.or.tz
> Linux mailing list
> Linux at lists.habari.co.tz
> http://lists.habari.co.tz/cgi-bin/mailman/listinfo/linux
>
> The Arusha LUG mailing list is generously hosted by Habari Node Ltd:
> http://www.habari.co.tz/



-- 
Alan Orth
alan.orth at gmail.com
https://alaninkenya.org
https://mjanja.ch
"In heaven all the interesting people are missing." -Friedrich Nietzsche
GPG public key ID: 0x8cb0d0acb5cd81ec209c6cdfbd1a0e09c2f836c0
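
Added example, not part of the original message: one way to apply the "forward secret" advice above with Python's `ssl` module, restricting a server context to ephemeral (EC)DHE key exchange and auditing what remains enabled. The cipher string and the function names are this example's own choices, and the classification assumes OpenSSL's cipher-suite naming.

```python
import ssl

# OpenSSL cipher-list string: only ephemeral (EC)DH key exchange with AEAD
# ciphers for TLS 1.2 and below. The exact string is this example's choice.
FS_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL"


def is_forward_secret(name: str, protocol: str) -> bool:
    """Classify one suite by its OpenSSL name and protocol version."""
    if protocol == "TLSv1.3":
        return True  # every TLS 1.3 suite uses an ephemeral (EC)DHE exchange
    # TLS 1.2 and below: the key exchange is the first token of the name.
    # Names such as "AES256-SHA" (static RSA) or "ECDH-RSA-..." (static ECDH)
    # let a recorded session be decrypted once the server key leaks.
    return name.startswith(("ECDHE-", "DHE-"))


def forward_secret_server_context() -> ssl.SSLContext:
    """Server-side context that refuses non-ephemeral key exchange."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(FS_CIPHERS)
    return ctx


def non_forward_secret_suites(ctx: ssl.SSLContext) -> list:
    """Names of enabled suites that lack forward secrecy (empty is good)."""
    return [c["name"] for c in ctx.get_ciphers()
            if not is_forward_secret(c["name"], c["protocol"])]


# Constructed sample of suite names, as (OpenSSL name, protocol version).
SAMPLE = [
    ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2"),
    ("DHE-RSA-AES256-GCM-SHA384", "TLSv1.2"),
    ("AES256-GCM-SHA384", "TLSv1.2"),   # static RSA key exchange
    ("RC4-SHA", "SSLv3"),               # static RSA key exchange, RC4
    ("TLS_AES_128_GCM_SHA256", "TLSv1.3"),
]

if __name__ == "__main__":
    for name, proto in SAMPLE:
        verdict = "FS" if is_forward_secret(name, proto) else "no FS"
        print(f"{name:32} {verdict}")
    leaks = non_forward_secret_suites(forward_secret_server_context())
    print("non-FS suites in hardened context:", leaks)
```

The same audit function can be pointed at any existing `SSLContext` to list the suites that would still allow recorded traffic to be decrypted after a key compromise.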