I think so....when you actually code TLS connections using OpenSSL,
you can specify a minimum cipher suite to be negotiated...only the
cipher suite enumeration is specified, so I think it's ok to use just
On Jan 31, 2009, at 4:03 PM, Brian Smithson wrote:
> Thanks, Randy.
>> So is our key length attribute redundant?
> Brian Smithson
> PM, Security Research
> PMP, CISSP, CISA, ISO 27000 PA
> Advanced Imaging and Network Technologies
> Ricoh Americas Corporation
>>> Randy Turner wrote:
>>>>>> Hi Brian,
>>>> I think the IANA registry actually has the key length specified as
>> part of the suite enumeration.
>>>> Examples are:
>>>> There are other suites that don't specify numeric key sizes, but in
>> these cases, the algorithm itself
>> (3DES for example) work with a specific key size that doesn't vary.
>>>> In this case, we may be able to just specify that we're talking
>> about a minimum suite, with a reference to RFC 5246 and
>> the IANA registry itself.
>>>>>> On Jan 30, 2009, at 6:26 PM, Brian Smithson wrote:
>>>>> I am still wondering how these two attributes can be used in
>>> practice. I
>>> know that we can uniquely identify cipher suites using the IANA
>>> registry, but is there an authoritative source to specify that one
>>> is "more minimum" than another? And if you consider different key
>>> lengths that might be acceptable for a given suite, then can we
>>> say that suite X is more minimum than suite Y even if an HCD
>>> supports a
>>> relatively long key length for X but only supports a relatively
>>> one for Y?
>>> Brian Smithson
>>> PM, Security Research
>>> PMP, CISSP, CISA, ISO 27000 PA
>>> Advanced Imaging and Network Technologies
>>> Ricoh Americas Corporation
-------------- next part --------------
An HTML attachment was scrubbed...