[Freedombox-discuss] CAs and cipher suites for cautious servers like FreedomBox
Jonas Smedegaard <dr at jones.dk> wrote:
> Would be nice if those knowledgeable about crypto could propose a
> shortlist of purposes, and corresponding CAs and cipher suites.
I see no reason offhand for a Box to trust any CA. That is a
problem for the browsers, not a server. To identify the box to
browsers, we could create a Box project CA, get certs from
some existing CA, or use self-signed certs. I'd favour the
latter because it is simpler, but then we need to document
a requirement that browsers check for cert changes. Without
that check, self-signed certs can be replaced by an attacker.
As for cipher suites, we should very strongly prefer ones
that offer perfect forward secrecy:
https://www.eff.org/deeplinks/2013/08/pushing-perfect-forward-secrecy-important-web-privacy-protection
The obvious cipher to use is AES, but it would be preferable
to provide some other options as well.
"When asked to implement AES, the implementer might include the other
finalists ? Twofish, Serpent. RC6 and MARS ? as well. This provides
useful insurance against the (presumably unlikely) risk of someone
finding a good attack on AES. Little extra effort is required since
open source implementations of all these ciphers are readily available
... All except RC6 have completely open licenses."
http://en.citizendium.org/wiki/Block_cipher#The_AES_generation
The obvious hash to use is SHA-2, probably along with the plug-in
compatible SHA-3.
> Anyone knowledgeable about crypto that can help out?
See also old discussion in this thread, and likely elsewhere too:
http://lists.alioth.debian.org/pipermail/freedombox-discuss/2011-April/001439.html
Reply to: