[Freedombox-discuss] CAs and cipher suites for cautious servers like FreedomBox

Thu Sep 12 09:24:19 UTC 2013

There is an interesting thread currently on "cryptography " mailing list touching on similar topics.
Regards
Anish

Anish Mohammed
Twitter: anishmohammed
http://uk.linkedin.com/in/anishmohammed
Skype: thecryptic

On 12 Sep 2013, at 10:10, Jonas Smedegaard <dr at jones.dk> wrote:

> Which TLS certificate authorities (CA) should we trust?
> 
> Which cipher suites should we tolerate?
> 
> Ideally the answers are "none" and "only strong ones".  But what is more 
> relevant to discuss is *realistic* answers (we can then tighten in later 
> revisions):
> 
> Which CAs and cipher suites are sensible to use - for now?
> 
> 
> I imagine there is no "one size fits all".  That e.g. serving blog pages 
> should be more pragmatic about [legacy systems] than Plinth admin pages 
> or other [specific applications].
> 
> Would be nice if those knowledgeable about crypto could propose a 
> shortlist of purposes, and corresponding CAs and cipher suites.
> 
> We could use such shortlists to verify Plinth code, Apache setup, 
> ca-certificates package configuration etc.
> 
> Anyone knowledgeable about crypto that can help out?
> 
> 
> - Jonas
> 
> 
> [speficic applications]: The Guardian Project currently discuss choice 
> of cipher suites for OTR in their (smartphone) applications: 
> https://lists.mayfirst.org/pipermail/guardian-dev/2013-September/002504.html
> 
> [legacy systems]: CAcert.org discusses BEAST vs. RCA4 impacting MacOS X: 
> https://lists.cacert.org/wws/arc/cacert/2013-09/msg00002.html
> 
> -- 
> * Jonas Smedegaard - idealist & Internet-arkitekt
> * Tlf.: +45 40843136  Website: http://dr.jones.dk/
> 
> [x] quote me freely  [ ] ask before reusing  [ ] keep private
> _______________________________________________
> Freedombox-discuss mailing list
> Freedombox-discuss at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss