On Fri, 2014-08-08 at 10:34 +0100, Tristan Santore wrote:
What about GNUPG ? And what will that default be set to ?
Nothing. It is outside the scope for now. The idea is to extend to all applications we can though, but currently, unless someone contributes an enhancement, it is restricted to TLS/SSL and openssl/gnutls.
Because certain ciphers that NIST seems to think are OK, are not OK, as we found out.
Which ciphers are those? Most probably you are referring to the EC-dual DRBG random generator. I don't believe we ever had that. It was a bad choice for both technical and security reasons.
And who decides which cyphers are good in that context ? Are we following bettercrypto.org's paper ?
We do, by following many recommendations. Not only NIST's, and not only bettercrypto's.
regards, Nikos