Re: tlsa for smtp to @bugs.debian.org

To: debian-devel@lists.debian.org
Subject: Re: tlsa for smtp to @bugs.debian.org
From: Florian Weimer <fw@deneb.enyo.de>
Date: Sat, 14 Sep 2013 12:09:58 +0200
Message-id: <[🔎] 87hadnogsp.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 20130913212338.GB24058@mail.waldi.eu.org> (Bastian Blank's message of "Fri, 13 Sep 2013 23:23:39 +0200")
References: <[🔎] m3hadq7v5s.fsf@carbon.jhcloos.org> <[🔎] m3bo3y5zno.fsf@carbon.jhcloos.org> <[🔎] 87txhq8s9s.fsf@qurzaw.varnish-software.com> <[🔎] 20130913102803.GB31162@bongo.bofh.it> <[🔎] m3hado4zos.fsf@carbon.jhcloos.org> <[🔎] 20130913205106.GA7721@roeckx.be> <[🔎] 20130913212338.GB24058@mail.waldi.eu.org>

* Bastian Blank:

> On Fri, Sep 13, 2013 at 10:51:06PM +0200, Kurt Roeckx wrote:
>> I think gnutls by default has a minimum size of 727 for the DH
>> size while openssl doesn't have any check for this.  But if you're
>> using DH you really want to move to something like 2048 if
>> possible.
>
> This prime size is pretty irrelevant for opportunistic TLS.

Small primes enable passive attacks.  TLS with plain RSA and a large
enough modulus (even 1024 bits isn't that problematic at this point)
is thought to be safe against passive attacks, *even without*
certificate validation.

Curiously, the optional ephemeral Diffie-Hellman part of the TLS
protocol runs in plaintext, which means that it can be attacked
directly, without bothering to attack the RSA part.  As a result, that
dreaded thing called "perfect forward secrecy" is not necessarily an
overall improvement.  It's probably best to disable it altogether,
then the DH interoperability issue disappears as well.  (I'm pretty
sure the current trend to enable it all over the place is mostly due
to its suggestive name.)

Reply to:

Follow-Ups:
- Re: tlsa for smtp to @bugs.debian.org
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>

References:
- tlsa for smtp to @bugs.debian.org
  - From: James Cloos <cloos@jhcloos.com>
- Re: tlsa for smtp to @bugs.debian.org
  - From: James Cloos <cloos@jhcloos.com>
- Re: tlsa for smtp to @bugs.debian.org
  - From: Tollef Fog Heen <tfheen@err.no>
- Re: tlsa for smtp to @bugs.debian.org
  - From: md@Linux.IT (Marco d'Itri)
- Re: tlsa for smtp to @bugs.debian.org
  - From: James Cloos <cloos@jhcloos.com>
- Re: tlsa for smtp to @bugs.debian.org
  - From: Kurt Roeckx <kurt@roeckx.be>
- Re: tlsa for smtp to @bugs.debian.org
  - From: Bastian Blank <waldi@debian.org>

Prev by Date: Re: Web ID as passwordless authentication for debian web services
Next by Date: Re: tlsa for smtp to @bugs.debian.org
Previous by thread: Re: tlsa for smtp to @bugs.debian.org
Next by thread: Re: tlsa for smtp to @bugs.debian.org
Index(es):
- Date
- Thread