
[ietf-smtp] FWD: Re: When using TLS, would randomizing the order of the EHLO response be helpful?

2013-03-21 12:12:21
More from Steve...

---------- Forwarded Message ----------
Date: Thursday, March 21, 2013 12:23 -0400
From: Steven Bellovin <smb(_at_)cs(_dot_)columbia(_dot_)edu>
To: John C Klensin <klensin(_at_)jck(_dot_)com>
Subject: Re: [ietf-smtp] When using TLS, would randomizing the
order of the EHLO response be helpful?

One last word on the RC4 issue...

See http://www.theregister.co.uk/2013/03/15/tls_broken/ and note
this:

"It's not a very practical attack in general, requiring at least
16,777,216 captured sessions, but as mentioned, attacks will
only improve in time," said Arnold Yau, lead developer at mobile
security firm Hoverkey. "I think it'd be wise for TLS
deployments to migrate away from RC4 as advised."


2^24 sessions before a few bytes are readable, per
http://www.isg.rhul.ac.uk/tls/

"Don't panic".

---------- End Forwarded Message ----------




_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp

  • [ietf-smtp] FWD: Re: When using TLS, would randomizing the order of the EHLO response be helpful?, John C Klensin <=