%%\subsection{Architectural overview }
-A cipher suite is a standardised collection of key exchange algorithms, ciphers,
-Message authentication code (MAC) that provides authenticated encryption schemes.
-It consists of the following components:
+A cipher suite is a standardised collection of key exchange algorithms, encryption
+algorithms (ciphers) and Message authentication codes (MAC) that provides authenticated
+encryption schemes. It consists of the following components:
\begin{description}
\item{Key exchange protocol:}
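Review bot: The added definition still says the collection "provides authenticated encryption schemes", while the description list that follows presents the authenticated encryption scheme as one of the suite's components; the sentence should say which of the two is meant. In the same sentence, "Message authentication codes (MAC)" keeps a capital M mid-sentence and pairs a plural noun with a singular abbreviation; suggest "message authentication codes (MACs)".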
\item{Cipher:}
The cipher is used to encrypt the message stream. It also contains the key size
and mode used by the suite.
-
-Example: AES128 AES128\_GCM Camellia128
-
+Example: AES128 AES128\_GCM Camellia128
\item{Message authentication code (MAC):}
A MAC ensures that the message has not been tampered with (integrity).
\todo{find a good visualisation for a cipher suite composition}
\item{Authenticated encryption scheme:}
-An encryption scheme which provides confidentiality, integrity and authenticity.
+An encryption scheme which provides for confidentiality, integrity and authenticity.
\end{description}
\ No newline at end of file
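Review bot: With the blank lines around it removed, the added "Example: AES128 AES128\_GCM Camellia128" line now runs into the preceding paragraph of the Cipher entry, and the three names are not separated by anything but spaces. Suggest keeping the paragraph break and writing the names as a comma-separated list, for instance in \texttt. In the last entry, "provides for confidentiality" reads weaker than the removed "provides confidentiality"; the earlier wording is the more precise one. The file also still ends without a trailing newline after \end{description}.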
\todo{ Adi... you want to describe how to make your own selection of cipher suites here.}
-SSL/TLS cipher suites consist of a key exchange mechanism, an authentication, a
-stream cipher (or a block cipher with a chaining mode) and a message authentication
-mechanism.
+%%SSL/TLS cipher suites consist of a key exchange algorithm, an authentication, a
+%%stream cipher (or a block cipher with a chaining mode) and a message authentication
+%%mechanism.
+%% ^^ commented out due to duplication (see previous section on architecture) - azet
-Many of those mechanisms are interchangeable like the key exchange in this example:
+Many of the parts in a ciphersuite are interchangeable. Like the key exchange algorithm in this example:
\texttt{ECDHE-RSA-AES256-GCM-SHA384} and \texttt{DHE-RSA-AES256-GCM-SHA384}.
To provide a decent level of security, all algorithms need to be safe (subject to
the disclaimer in section \ref{section:disclaimer}).
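Review bot: The replacement text "Like the key exchange algorithm in this example:" is a sentence fragment, and "ciphersuite" is written as one word while the rest of the patch uses "cipher suite". Suggest joining the two sentences, for example "Many of the parts in a cipher suite are interchangeable, like the key exchange algorithm in this example:". The paragraph commented out with "%%" plus a signed note could simply be deleted, since the history already records who removed it and why.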
\begin{itemize}
\item Internet-facing services
\item Commonly used services
-\item Devices which are used in business environments (this mostly excludes XBoxes, Playstations and similar common consumer devices)
+\item Devices which are used in business environments (this specifically excludes XBoxes, Playstations and similar consumer devices)
\item OpenSSL
\end{itemize}
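Review bot: In the changed \item, replacing "mostly" with "specifically" turns a soft exclusion into a hard one, while "and similar consumer devices" stays open-ended; it is worth confirming that the stricter scope is intended. The product names are spelled "Xbox" and "PlayStation", and the line could be wrapped like the surrounding text.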