If that TLS 1.0 device had never needed to support RC4 in TLS to begin with, whi... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

morelisp on Nov 23, 2019 | parent | context | favorite | on: Don’t Rush Quantum-Proof Encryption, Warns NSA Res...

If that TLS 1.0 device had never needed to support RC4 in TLS to begin with, which practically speaking it never really needed to, we could've done less work at implementation time, provided clearer guidance to users when the vulnerabilities were discovered, and likely had fewer affected users to begin with.

throw0101a on Nov 25, 2019 [–]

> If that TLS 1.0 device had never needed to support RC4 in TLS to begin with, which practically speaking it never really needed to ...

Except that we did not know about not needing to. When BEAST came out a lot of recommendations said to switch over to RC4:

* https://en.wikipedia.org/wiki/Transport_Layer_Security#BEAST...

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact