Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Determine replacement MTI cipher suite #32

Closed
ekr opened this Issue May 3, 2014 · 2 comments

Comments

Projects
None yet
2 participants
@ekr
Copy link
Contributor

ekr commented May 3, 2014

Now that we are removing static RSA cipher suites, we need a new MTI cipher suite.

@ekr

This comment has been minimized.

Copy link
Contributor Author

ekr commented Sep 22, 2015

From Sean's mail

o Symmetric:
MUST AES-GCM 128
[SHOULD ChaCha20-Poly1305]

o Hash:
MUST SHA-256

o Key Agreement: ECDH
MUST P-256
[SHOULD 25519]

o Signature:
MUST ECDSA P-256
MUST RSA

@ekr ekr added the Editor Ready label Sep 22, 2015

@ekr ekr closed this in db0ef3e Sep 26, 2015

ekr added a commit that referenced this issue Sep 26, 2015

Merge pull request #267 from ekr/issue32_mti_ciphers
Add MTI cipher suites. Fixes #32
@dawud-tan

This comment has been minimized.

Copy link

dawud-tan commented May 13, 2018

Dear Mr. @ekr, currently I'm very interested in studying non-repudiation, then I found S-HTTP (RFC 2660) that offer non-repudiation security service. I also found that AS2 (RFC 4130) also offers this kind of service, but then I wonder why non-repudiation service is not becoming ubiquotus? Why AEAD replace HMAC, does hash function is too heavy, or hash is more appropriate for digital signature world? Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.