On 10/19/2016 11:34 AM, Leonard den Ottolander wrote:
Hello Gordon,
*snip*
Personally I would be more concerned whether or not to enable ECDSA
algorithms (https://blog.cr.yp.to/20140323-ecdsa.html).
Regards,
Leonard.
For web server ECDSA certs is currently a concern because the only
curves with popular support across browsers have parameters that were
chosen for undocumented reasons.
That doesn't mean they are vulnerable but there is a question.
OpenSSH uses Curve25519 for ECDSA which has documented reasons for the
parameters chosen and thus are far less likely to be nefariously chosen.
At least that's my understanding of the situation, which could be flawed.
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
