On 09/23/2013 10:47 AM, Peter Gutmann wrote:

>> I'm inclined to agree with you, but you might be interested/horrified in the
>> "1024 bits is enough for anyone" debate currently unfolding on the TLS list:
> That's rather misrepresenting the situation.  It's a debate between two
> groups, the security practitioners, "we'd like a PFS solution as soon as we
> can, and given currently-deployed infrastructure DH-1024 seems to be the best
> bet", and the theoreticians, "only a theoretically perfect solution is
> acceptable, even if it takes us forever to get it".
> (You can guess from that which side I'm on).

Are you talking about the BCP? Then what you say is not true either.

1) General consensus seems to be that recommending DHE-2048 is not a
good idea in the BCP, because it will not be available now, nor in short
to mid-range time. Voices that utter different opinions are currently a
minority; the BCP authors are not among them.

2) Consequently, the BCP effort is currently on deciding whether a ECC
variant of DHE or DHE-1024 should be the recommendation. The factions
seem to be split about equally:

Pro DHE-1024:
* Some say not enough systems provide ECDHE to recommend it, and thus
DHE1024 should be the primary recommendation.
* Some say ECDHE is not trustworthy yet due to implementation
difficulties and/or NSA involvement.

* Others say Chrome and Firefox will soon, or already do, support ECDHE
it. That would leave only the Windows users on IE, and we know that
Windows 8.1 will support it.
* The same people acknowledge the "trustworthy" argument. The question
is whether it weighs heavily enough.

That seems to be a more accurate description as I understand it from
reading the list. Myself, I am currently still undecided on the issue
but tend slightly towards ECDHE for now -- with any luck, the BCP won't
be ready until we have some more data on the issue.


Ralph Holz
I8 - Network Architectures and Services
Technische Universität München
Phone +
PGP: A805 D19C E23E 6BBB E0C4  86DC 520E 0C83 69B0 03EF
The cryptography mailing list

Reply via email to