feature: added new metrics:#185
d-pizhuk
commented
Oct 8, 2025
- added descriptions and configurations for BlockCipher and BlockCipherMode metrics

@immqu from what I understand, you prefer using the

Please refer to the issues you are closing @d-pizhuk
oxisto
left a comment
Don't we already have this? https://github.com/Cybersecurity-Certification-Hub/security-metrics/blob/main/metrics/TransportEncryption/TlsCipherSuite/TlsCipherSuite.yaml Or at least the old one should be deleted then, and maybe we need to establish a common naming scheme, meaning that it would be TransportEncryptionBlockCipher or something.
@immqu not just these 2 metrics, I would split it even into 3: block cipher, block cipher mode and secure mac (possibly, can be even 4, including secure key exchange metric). Also, we have metrics AESStandard and AESKeyLength (which are also related to the cipher suites)

Thinking about it, we could even split it up further. A TLS "configuration" consists of the following elements: protocol version, key exchange, authentication, encryption (with algorithm, key length, block cipher, and block cipher mode), and hash. Related PRs:

@immqu and I discussed this issue. For the sake of simplicity and to avoid complicated metric rules, I would also favor checking just complete cipher suites (e.g. "TLS_AES_128_GCM_SHA256") instead of splitting it up. What do you think @d-pizhuk? I like the idea with regex expression in rego 👍 I will add an issue to start discussion if we want to have that in the future.
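
The two options weighed in this thread, one rule on the complete cipher suite name versus separate rules per component, compared side by side in Python. This is an added example, not code from the PR or the project's Rego rules; the function names and all policy values are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

class Suite(NamedTuple):
    key_exchange: Optional[str]    # None for TLS 1.3 names, which do not encode it
    authentication: Optional[str]
    cipher: str
    key_length: int
    mode: str
    hash: str

# TLS 1.2 style: TLS_<kx>[_<auth>]_WITH_<bulk>_<hash>; TLS 1.3 style: TLS_<bulk>_<hash>
_NAME = re.compile(r"^TLS_(?:(?P<kx>[A-Z0-9]+)(?:_(?P<auth>[A-Z0-9]+))?_WITH_)?"
                   r"(?P<bulk>[A-Z0-9_]+)_(?P<hash>SHA\d*)$")
_BULK = re.compile(r"^(?P<cipher>AES|ARIA|CAMELLIA)_(?P<bits>\d+)_(?P<mode>GCM|CCM|CBC)$")

def parse_suite(name: str) -> Optional[Suite]:
    """Split a cipher suite name into components; None if the name is not understood."""
    m = _NAME.match(name)
    if not m:
        return None
    kx, auth = m["kx"], m["auth"] or m["kx"]   # TLS_RSA_WITH_...: RSA is both
    if m["bulk"] == "CHACHA20_POLY1305":       # stream cipher, fixed 256-bit key
        return Suite(kx, auth, "CHACHA20", 256, "POLY1305", m["hash"])
    b = _BULK.match(m["bulk"])
    if not b:
        return None
    return Suite(kx, auth, b["cipher"], int(b["bits"]), b["mode"], m["hash"])

# Constructed sample policy values, not taken from the security-metrics repository.
ALLOWED_SUITES = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"}
ALLOWED_CIPHERS = {"AES", "CHACHA20"}
ALLOWED_MODES = {"GCM", "CCM", "POLY1305"}
ALLOWED_HASHES = {"SHA256", "SHA384"}
ALLOWED_KEY_EXCHANGE = {None, "ECDHE", "DHE"}

def compliant_by_suite(name: str) -> bool:
    """One rule: the complete suite name is on the allowlist."""
    return name in ALLOWED_SUITES

def compliant_by_component(name: str) -> bool:
    """One rule per component; names that cannot be parsed fail closed."""
    s = parse_suite(name)
    return (s is not None and s.cipher in ALLOWED_CIPHERS and s.mode in ALLOWED_MODES
            and s.hash in ALLOWED_HASHES and s.key_length >= 128
            and s.key_exchange in ALLOWED_KEY_EXCHANGE)
```

With these sample values, `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384` passes the component rules but not the allowlist, which is the trade-off under discussion: the allowlist is a single simple rule that must be maintained per suite, while component rules cover unlisted suites at the cost of a name parser.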