Author naif
Recipients jcea, naif, pitrou
Date 2011-12-19.10:53:35
SpamBayes Score 2.37618e-08
Marked as misclassified No
Message-id <1324292016.82.0.631284256073.issue13627@psf.upfronthosting.co.za>
In-reply-to
Content
The Tor Project is composed of Cryptography experts, thus i am opening that ticket cause with our group we're implementing Tor2web based on Python that require *strict* security requirements for crypto.

The Tor Project heavily use Python for most of tools.

If you want we can open a discussion within Tor Project to have a "rationale method" to define a set of "default ciphers" considering the ration of security/performance/compatibility.

That way anyone using Python SSL/TLS will be sure in using a "Secure system" without the risk of legacy protocol such as SSLv2 or insecure ciphers like Export 40bit DES that are nowdays enabled by default.

Today a Python coder approaching SSL/TLS will have an insecurely configured TLS connection that can be hijacked via SSLv2 protocol or cracked via 40bit DES. 

Even Firefox, Chrome, IE, Opera disable by default certain protocols and certain ciphers, so imho it would be valuable to have a "Secure default", obviously considering and maintaining compatibility.

What do you think?
History
Date User Action Args
2011-12-19 10:53:36naifsetrecipients: + naif, jcea, pitrou
2011-12-19 10:53:36naifsetmessageid: <1324292016.82.0.631284256073.issue13627@psf.upfronthosting.co.za>
2011-12-19 10:53:36naiflinkissue13627 messages
2011-12-19 10:53:35naifcreate