Questions regarding elliptic curve support


J Doe
Hi,

I had two short questions regarding Postfix’s elliptic curve support for the SMTP server.

1.  Under the man documentation for: tls_eecdh_strong_curve the documentation states “...approximately 128-bit security...”.  Is that saying that it is equivalent to 128-bit RSA or it provides an elliptic curve key size of nearly 128 bits?

2. To make use of elliptic curve encryption a TLS certificate must have been made with support for elliptic curves, correct?  A TLS certificate using RSA keys will not work?

Thanks,

- J

Re: Questions regarding elliptic curve support

Viktor Dukhovni


> On Jan 10, 2018, at 5:38 PM, J Doe <[hidden email]> wrote:
>
> Hi,
>
> I had two short questions regarding Postfix’s elliptic curve support for the SMTP server.
>
> 1.  Under the man documentation for: tls_eecdh_strong_curve the documentation states
> “...approximately 128-bit security...”. Is that saying that it is equivalent to
> 128-bit RSA or it provides an elliptic curve key size of nearly 128 bits?

No, it is 2^128 work-factor, as in AES-128 or RSA ~3072.  You should generally
not change tls_eecdh_strong_curve.  128-bit RSA is *not* 128-bit security.

See:

   http://www.postfix.org/postconf.5.html#smtpd_tls_eecdh_grade

> 2. To make use of elliptic curve encryption a TLS certificate must have been
> made with support for elliptic curves, correct?

EECDH key-agreement is largely independent of the certificate type.  You
can use EECDH key agreement with either RSA or ECDSA certificates.

> A TLS certificate using RSA keys will not work?

Actually it works just fine.  RSA certificates are used to *authenticate*
the key exchange, which is performed via EECDH.

See also http://www.postfix.org/FORWARD_SECRECY_README.html

--
        Viktor.
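
An added example, not part of the original thread: a shell helper that reads `openssl s_client` output and reports the key exchange separately from the certificate type, so an RSA certificate combined with EECDH shows up as `kx=ECDHE auth=RSA`. The function names, the `mail.example.com` host and the sample output are constructed for illustration, and the handling of TLS 1.3 and anonymous suite names goes beyond what the thread covers.

```shell
#!/bin/sh
# Live use against your own server (host name is a placeholder):
#   openssl s_client -starttls smtp -connect mail.example.com:25 \
#       </dev/null 2>/dev/null | eecdh_summary

# Constructed, trimmed sample of s_client output for an RSA-certificate server.
sample_s_client_output() {
    cat <<'EOF'
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3120 bytes and written 455 bytes
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
EOF
}

# Print one line: key exchange, authentication, certificate key size,
# whether the exchange is ephemeral, and the ephemeral (temp) key details.
eecdh_summary() {
    awk '
        /^New, .* Cipher is /    { cipher = $NF }
        /^Server Temp Key: /     { tempkey = substr($0, 18) }
        /^Server public key is / { bits = $5 }
        END {
            if (cipher == "" || cipher == "(NONE)") { print "no TLS session"; exit 1 }
            if (bits == "")    bits = "n/a"
            if (tempkey == "") tempkey = "none"
            split(cipher, p, "-")
            # TLS 1.2 suite names read <key exchange>-<authentication>-<bulk cipher>.
            if (p[1] == "ECDHE" || p[1] == "DHE") { kx = p[1]; auth = p[2]; fs = "yes" }
            # Anonymous suites: ephemeral exchange, no certificate at all.
            else if (p[1] == "AECDH") { kx = "ECDHE"; auth = "none"; fs = "yes" }
            else if (p[1] == "ADH")   { kx = "DHE";   auth = "none"; fs = "yes" }
            # TLS 1.3 names omit both roles; the exchange is ephemeral.
            else if (cipher ~ /^TLS_/) { kx = "ephemeral"; auth = "unknown"; fs = "yes" }
            else { kx = "static"; auth = "unknown"; fs = "no" }
            printf "kx=%s auth=%s cert_bits=%s forward_secrecy=%s temp_key=%s\n",
                   kx, auth, bits, fs, tempkey
        }'
}

sample_s_client_output | eecdh_summary
```

The `temp_key` field is the curve used for the EECDH exchange, while `auth` and `cert_bits` describe the certificate that signs it.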