Re: [PATCH] Re: Logjam mitigation for Wheezy?

To: Thorsten Glaser <tg@mirbsd.de>
Cc: debian-security@lists.debian.org
Subject: Re: [PATCH] Re: Logjam mitigation for Wheezy?
From: Kurt Roeckx <kurt@roeckx.be>
Date: Mon, 8 Jun 2015 23:01:13 +0200
Message-id: <[🔎] 20150608210113.GA32227@roeckx.be>
In-reply-to: <[🔎] loom.20150608T115712-421@post.gmane.org>
References: <20150520164735.GB24453@randomstring.org> <1633427.sqntbNTtro@k> <[🔎] alpine.DEB.2.20.1506031603380.14887@tglase.lan.tarent.de> <[🔎] 7468885.v8Xxc1WnWR@k> <[🔎] loom.20150608T115712-421@post.gmane.org>

On Mon, Jun 08, 2015 at 10:00:00AM +0000, Thorsten Glaser wrote:
> Stefan Fritsch <sf <at> sfritsch.de> writes:
> 
> > And custom DH groups are not that easy to handle in an automated way. 
> 
> Right. I'm currently suggesting each "site" to generate one and
> roll that out for the whole "site" (e.g. company, project).

Please note that the website still says that everybody should
generate their own 2048 bit DH key, but on the ietf TLS list they
said that wasn't needed and they would update their site.  2048
bit DH should still be strong enough that not everybody needs to
generate their own.

Kurt

Reply to:

Follow-Ups:
- Re: [PATCH] Re: Logjam mitigation for Wheezy?
  - From: micah <micah@riseup.net>

References:
- [PATCH] Re: Logjam mitigation for Wheezy?
  - From: Thorsten Glaser <t.glaser@tarent.de>
- Re: [PATCH] Re: Logjam mitigation for Wheezy?
  - From: Stefan Fritsch <sf@sfritsch.de>
- Re: [PATCH] Re: Logjam mitigation for Wheezy?
  - From: Thorsten Glaser <tg@mirbsd.de>

Prev by Date: Re: [PATCH] Re: Logjam mitigation for Wheezy?
Next by Date: Re: [PATCH] Re: Logjam mitigation for Wheezy?
Previous by thread: Re: [PATCH] Re: Logjam mitigation for Wheezy?
Next by thread: Re: [PATCH] Re: Logjam mitigation for Wheezy?
Index(es):
- Date
- Thread