Am 2024-03-23 17:17, schrieb Viktor Dukhovni via Postfix-users:
PS: As of January 2024, the German BSI has tighten its recommendation for asymmetric algorithms over finite fields to at least 3000 bits (i.e. RSA encryption, RSA signatures and FFDH).With little thought about the opportunistic TLS use-case.
I'm not claiming to know what the rationale is, but one possible thought-chain could be: IF there is no MITM, and IF the session is encrypted, then at least use good encrpytion so that an attacker which is only able to listen, is not able to get the content.
Also: this is not a specific recommendation for SMTP, it is a generic recommendation for encrypted communication independent from the context it is used in, so there may be no thought at all about opportunistic TLS.
Bye, Alexander. -- http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netch...@freebsd.org : PGP 0x8F31830F9F2772BF
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org