On Fri, 2014-08-08 at 10:34 +0100, Tristan Santore wrote:
What about GNUPG ?
And what will that default be set to ?
Nothing. It is outside the scope for now. The idea is to extend to all
applications we can though, but currently, unless someone contributes an
enhancement, it is restricted to TLS/SSL and openssl/gnutls.
Because certain ciphers that NIST
seems to think are OK, are not OK, as we found out.
Which ciphers are those? Most probably you are referring to the EC-dual
DRBG random generator. I don't believe we ever had that. It was a bad
choice for both technical and security reasons.
And who decides
which cyphers are good in that context ?
Are we following bettercrypto.org's paper ?
We do, by following many recommendations. Not only NIST's, and not only
bettercrypto's.
regards,
Nikos