<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>NIST SP800-52 Rev.1 is also in draft, with community comment requested.<br><br><a href="http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-52-Rev.%201" target="_blank">http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-52-Rev.%201</a><br><br>I'd say they should require PFS, but it's another standards body's commentary.<br><br><div>> To: tahoe-dev@tahoe-lafs.org<br>> From: eternaleye@gmail.com<br>> Subject: Re: Dusting off lafs-rpg.<br>> Date: Mon, 25 Nov 2013 16:16:10 -0800<br>> <br>> Zooko O'Whielacronx wrote:<br>> <br>> > On Sun, Oct 13, 2013 at 9:09 PM, Callme Whatiwant &lt;nejucomo@gmail.com&gt;<br>> > wrote:<br>> >><br>> >> Thanks Patrick! Before I accepted this, I was hoping people with more<br>> >> knowledge of recent TLS vulnerabilities and/or forward secrecy could take<br>> >> a glance at the cipher list and comment on if it's still "Today's Best<br>> >> TLS config".<br>> > <br>> > Here's Hynek Schlawack's ¹, which is partially based on mine ² and<br>> > partially based on Qualys "ssllabs".<br>> > <br>> > Regards,<br>> > <br>> > Zooko<br>> > <br>> > ¹ http://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/<br>> > <br>> > ² https://github.com/LeastAuthority/leastauthority.com/issues/92#issuecomment-26292572<br>> <br>> You may find it interesting that the IETF is creating a TLS<br>> best-current-practices RFC:<br>> <br>> http://tools.ietf.org/html/draft-sheffer-tls-bcp-01<br></div> </div></body>
</html>