Dusting off lafs-rpg.
Garonda Rodian
deepside at hotmail.com
Tue Nov 26 00:38:07 UTC 2013
NIST SP800-52 Rev.1 is also in draft, with community comment requested.
http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-52-Rev.%201
I'd say they should require PFS, but it's another standards body's commentary.
> To: tahoe-dev at tahoe-lafs.org
> From: eternaleye at gmail.com
> Subject: Re: Dusting off lafs-rpg.
> Date: Mon, 25 Nov 2013 16:16:10 -0800
>
> Zooko O'Whielacronx wrote:
>
> > On Sun, Oct 13, 2013 at 9:09 PM, Callme Whatiwant <nejucomo at gmail.com>
> > wrote:
> >>
> >> Thanks Patrick! Before I accepted this, I was hoping people with more
> >> knowledge of recent TLS vulnerabilities and/or forward secrecy could take
> >> a glance at the cipher list and comment on if it's still "Today's Best
> >> TLS config".
> >
> > Here's Hynek Schlawack's ¹, which is partially based on mine ² and
> > partially based on qualsys "ssllabs".
> >
> > Regards,
> >
> > Zooko
> >
> > ¹ http://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
> >
> > ² https://github.com/LeastAuthority/leastauthority.com/issues/92#issuecomment-26292572
>
> You may find it interesting that the IETF is creating a TLS
> best-current-practices RFC:
>
> http://tools.ietf.org/html/draft-sheffer-tls-bcp-01
>
> _______________________________________________
> tahoe-dev mailing list
> tahoe-dev at tahoe-lafs.org
> https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tahoe-lafs.org/pipermail/tahoe-dev/attachments/20131126/3cc61e19/attachment.html>
More information about the tahoe-dev
mailing list