tls_eecdh_*_curve

A. Schulze

Hello,

the documentation to these parameters refers to the NSA website. However
the links are broken.
Also I don't feel very comfortable these days if postfix uses crypto
approved by NSA :-/

Andreas


Re: tls_eecdh_*_curve

lists@rhsoft.net


On 05.01.2014 13:58, Andreas Schulze wrote:
> the documentation to these parameters refers to the NSA website. However the links are broken.
> Also I don't feel very comfortable these days if postfix uses crypto approved by NSA :-/

backed by more than FUD?
people tend to forget that the NSA has *two* goals

* intrusion in foreign systems
* protect US infrastructure

point 2 makes http://www.nsa.gov/business/programs/elliptic_curve.shtml
no worse than a year ago where nothing was different except nobody
knew what happened over years


Re: tls_eecdh_*_curve

Ansgar Wiechers
On 2014-01-05 [hidden email] wrote:

> On 05.01.2014 13:58, Andreas Schulze wrote:
>> the documentation to these parameters refers to the NSA website. However
>> the links are broken. Also I don't feel very comfortable these days
>> if postfix uses crypto approved by NSA :-/
>
> backed by more than FUD?
> people tend to forget that the NSA has *two* goals
>
> * intrusion in foreign systems
> * protect US infrastructure
>
> point 2 makes http://www.nsa.gov/business/programs/elliptic_curve.shtml
> no worse than a year ago where nothing was different except nobody
> knew what happened over years

<http://crypto.stackexchange.com/questions/10263/should-we-trust-the-nist-recommended-ecc-parameters>

<german>
Fefe blogged about this back in September.

https://blog.fefe.de/?ts=acceb732
</german>

Regards
Ansgar Wiechers
--
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky

Re: tls_eecdh_*_curve

nanotek
In reply to this post by A. Schulze
On 5/01/2014 11:58 PM, Andreas Schulze wrote:

>
> Hello,
>
> the documentation to these parameters refers to the NSA website. However
> the links are broken.
> Also I don't feel very comfortable these days if postfix uses crypto
> approved by NSA :-/
>
> Andreas
>

I don't feel comfortable with the NSA in general, but their research and
development in cryptography should be well-received, for the most part,
I would think.

--
syn.bsdbox.co

Re: tls_eecdh_*_curve

lists@rhsoft.net
In reply to this post by Ansgar Wiechers

On 05.01.2014 14:40, Ansgar Wiechers wrote:

> On 2014-01-05 [hidden email] wrote:
>> On 05.01.2014 13:58, Andreas Schulze wrote:
>>> the documentation to these parameters refers to the NSA website. However
>>> the links are broken. Also I don't feel very comfortable these days
>>> if postfix uses crypto approved by NSA :-/
>>
>> backed by more than FUD?
>> people tend to forget that the NSA has *two* goals
>>
>> * intrusion in foreign systems
>> * protect US infrastructure
>>
>> point 2 makes http://www.nsa.gov/business/programs/elliptic_curve.shtml
>> no worse than a year ago where nothing was different except nobody
>> knew what happened over years
>
> <http://crypto.stackexchange.com/questions/10263/should-we-trust-the-nist-recommended-ecc-parameters>
>
> <german>
> Fefe blogged about this back in September.
>
> https://blog.fefe.de/?ts=acceb732
> </german>

the problem here is that Fefe as well as Bruce Schneier (and yes
i know who the guy is) are mixing ECC with Dual_EC_DRBG and if you
look at the blog-post you see it is 3 months old while in the meantime
everybody who is reading IT news knows that Dual_EC_DRBG in OpenSSL is
broken, would crash the application, never will be fixed and is
not used in any piece of software

to be honest: somebody saying "i do not trust this and that" does
not interest me as long as there is nothing he can show to prove his
feelings - i am an IT specialist and not a priest believing in things


Re: tls_eecdh_*_curve

Robert Schetterer-2
On 05.01.2014 16:22, [hidden email] wrote:
> to be honest: somebody saying "i do not trust this and that" does
> not interest me as long as there is nothing he can show to prove his
> feelings - i am an IT specialist and not a priest believing in things

good point, i agree with this!

any comments on the advice given in

https://bettercrypto.org/static/applied-crypto-hardening.pdf ?

related to postfix / dovecot

Best Regards
Kind regards, Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: Munich, District Court of Munich: HRB 199263
Executive Board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein

Re: tls_eecdh_*_curve

Viktor Dukhovni
In reply to this post by A. Schulze
On Sun, Jan 05, 2014 at 01:58:30PM +0100, Andreas Schulze wrote:

> the documentation to these parameters refers to the NSA website.
> However the links are broken.

That's the trouble with links.  Anyone have suggested replacements?

> Also I don't feel very comfortable these days if postfix uses crypto
> approved by NSA :-/

There are no credible reports of serious problems with P-256 and
P-384.  The Suite-B algorithms have moved from the "unknown unknown"
to the "known unknown" risk category.

In the meantime, the IETF TLS working group is hard at work
standardizing (debating) more modern symmetric stream ciphers,
authentication modes, and elliptic curves.

Instead of trusting NIST you'll have to trust Daniel J. Bernstein,
but to his credit his algorithms don't have inexplicable magic
constants, the design rationale is published and the algorithms
benefit from new discoveries and lessons learned over the years.

In particular his "Edwards form" elliptic curves will not appear
before OpenSSL 1.0.2 (which is nearing release, but does not yet
IIRC have support for these curves) and require the TLS WG to
publish new RFCs specifying yet more ciphersuites.

Server-side support for new and multiple EECDH[*] curves requires
a new API that is in OpenSSL 1.0.2 snapshots.  Support for that
will have to wait for Postfix 2.12.

--
        Viktor.

ECDHE if you must, which does not stand for "Elliptic Curve
Diffie-Hellman Exchange", rather it stands for "Ephemeral Elliptic
Curve Diffie-Hellman":

    http://tools.ietf.org/html/rfc4492#section-2

And yet the ephemeral "E" is appended.  Little-endian, Big-endian
choose any two.
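
An added example, not from any post in this thread and not Postfix code: a small Python check that reads main.cf text and reports which curve the SMTP server's `smtpd_tls_eecdh_grade` selects through `tls_eecdh_strong_curve` / `tls_eecdh_ultra_curve`, and whether it is one of the NIST curves (P-256, P-384) discussed above. The defaults are assumed from the Postfix 2.8 to 2.11 documentation, `$name` expansion is not handled, and the sample configuration is constructed.

```python
import re

# Assumed defaults (Postfix 2.8 to 2.11 documentation); confirm with `postconf -d`.
DEFAULTS = {
    "smtpd_tls_eecdh_grade": "strong",
    "tls_eecdh_strong_curve": "prime256v1",
    "tls_eecdh_ultra_curve": "secp384r1",
}
# OpenSSL curve names and the NIST names used in the thread.
NIST_NAMES = {"prime256v1": "P-256", "secp384r1": "P-384"}

# Constructed sample main.cf, not taken from the thread.
SAMPLE_MAIN_CF = """\
# TLS settings
smtpd_tls_security_level = may
smtpd_tls_eecdh_grade = strong
smtpd_tls_eecdh_grade = ultra
tls_eecdh_ultra_curve =
    secp384r1
"""

def parse_main_cf(text):
    """Parse main.cf text: skip comments, join continuation lines, last value wins."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()   # leading whitespace continues a line
        else:
            logical.append(raw.strip())
    params = {}
    for line in logical:
        m = re.match(r"([A-Za-z0-9_]+)\s*=\s*(.*)$", line)
        if m:
            params[m.group(1)] = m.group(2).strip()
    return params

def effective_eecdh_curve(text):
    """Return (grade, openssl_curve, nist_name) for the SMTP server."""
    cfg = dict(DEFAULTS)
    cfg.update((k, v) for k, v in parse_main_cf(text).items() if k in DEFAULTS)
    grade = cfg["smtpd_tls_eecdh_grade"]
    if grade == "none":                        # EECDH disabled, no curve in use
        return grade, None, None
    if grade not in ("strong", "ultra"):
        raise ValueError("unsupported smtpd_tls_eecdh_grade: " + grade)
    curve = cfg["tls_eecdh_%s_curve" % grade]
    return grade, curve, NIST_NAMES.get(curve, "not a NIST P-256/P-384 curve")

if __name__ == "__main__":
    print(effective_eecdh_curve(SAMPLE_MAIN_CF))
```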