> On Jan 10, 2018, at 5:38 PM, J Doe <[hidden email]> wrote:
>
> Hi,
>
> I had two short questions regarding Postfix’s elliptic curve support for the SMTP server.
>
> 1. Under the man documentation for tls_eecdh_strong_curve, the documentation states
> “...approximately 128-bit security...”. Is that saying that it is equivalent to
> 128-bit RSA, or that it provides an elliptic curve key size of nearly 128 bits?

No, it is 2^128 work-factor, as in AES-128 or RSA ~3072. You should generally
not change tls_eecdh_strong_curve. 128-bit RSA is *not* 128-bit security.

See:

http://www.postfix.org/postconf.5.html#smtpd_tls_eecdh_grade

> 2. To make use of elliptic curve encryption a TLS certificate must have been
> made with support for elliptic curves, correct?

EECDH key-agreement is largely independent of the certificate type. You
can use EECDH key agreement with either RSA or ECDSA certificates.

> A TLS certificate using RSA keys will not work?

Actually it works just fine. RSA certificates are used to *authenticate*
the key exchange, which is performed via EECDH.

See also

http://www.postfix.org/FORWARD_SECRECY_README.html

--
Viktor.
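The split Viktor describes (the RSA certificate authenticates, EECDH performs the key exchange) is visible in a server's own logs. The script below is an added example, not part of this thread or of Postfix: it parses constructed smtpd log lines in the two formats assumed here (the classic `... with cipher NAME (n/m bits)` line, and the Postfix 3.4+ line that appends `key-exchange` and `server-signature` fields) and reports, per session, the key-exchange mechanism, the authenticating algorithm, and whether the session was forward-secret.

```python
import re

# Constructed sample lines in Postfix smtpd's TLS log format (not from the thread);
# the second one carries the key-exchange / server-signature fields of Postfix >= 3.4.
SAMPLE_LOG = """\
Jan 10 17:40:01 mx postfix/smtpd[1234]: Anonymous TLS connection established from mail.example.net[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 10 17:41:12 mx postfix/smtpd[1235]: Trusted TLS connection established from relay.example.org[198.51.100.7]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
Jan 10 17:42:30 mx postfix/smtpd[1236]: Anonymous TLS connection established from old.example.com[203.0.113.5]: TLSv1 with cipher AES128-SHA (128/128 bits)
"""

LINE_RE = re.compile(
    r"TLS connection established (?:from|to) (?P<peer>\S+): "
    r"(?P<proto>TLSv[\d.]+) with cipher (?P<cipher>\S+) \(\d+/\d+ bits\)"
    r"(?: key-exchange (?P<kex>\S+))?"
    r"(?: server-signature (?P<sig>\S+)(?: \([^)]*\))?)?"
)

# Key-exchange names, or prefixes of named groups, that use ephemeral keys.
EPHEMERAL = ("ECDHE", "DHE", "AECDH", "ADH", "X25519", "X448", "secp", "prime", "ffdhe")


def classify(cipher, kex=None, sig=None):
    """Return (key_exchange, authentication, forward_secret) for one session."""
    if cipher.startswith("TLS_"):
        # TLS 1.3 suite names carry neither kx nor auth; use the log's own fields.
        kx = kex or "unknown"
        auth = (sig or "unknown").split("-")[0]   # "RSA-PSS" -> "RSA"
    else:
        # OpenSSL names for TLS <= 1.2: ECDHE-RSA-... = ephemeral ECDH, RSA-signed.
        parts = cipher.split("-")
        if parts[0] in ("ECDHE", "DHE"):
            kx, auth = parts[0], parts[1]
        elif parts[0] in ("AECDH", "ADH"):
            kx, auth = parts[0], "anon"            # unauthenticated: MITM-able
        else:
            kx, auth = "RSA", "RSA"                # static RSA key transport, no PFS
    return kx, auth, kx.startswith(EPHEMERAL)


def audit(log_text):
    """Classify every 'TLS connection established' line in the log text."""
    rows = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            kx, auth, fs = classify(m["cipher"], m["kex"], m["sig"])
            rows.append({"peer": m["peer"], "proto": m["proto"], "cipher": m["cipher"],
                         "kx": kx, "auth": auth, "forward_secret": fs})
    return rows


if __name__ == "__main__":
    for r in audit(SAMPLE_LOG):
        print("PFS" if r["forward_secret"] else "NO-PFS", r["proto"], r["kx"], r["auth"], r["cipher"], r["peer"])
```

Run against a real mail log, any `NO-PFS` row marks a peer that negotiated static RSA key transport rather than EECDH; the `auth` column shows the RSA certificate doing its actual job on the forward-secret rows.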