On 2016-05-29 at 05:09 +0000, Viktor Dukhovni wrote:
> I cannot emphasize this more strongly. The RFC in question is
> informational (not standards track) and in hindsight harmful. It
> really is best to just remove support for the groups from this RFC.

In a world where ECC is not yet widespread in MTA, PFS requires DH. The documentation, and many packages (I believe) encourage people to generate primes. These are a fallback. My belief was that PFS with 2048-bit DH from an RFC is better than no PFS. Today ... I think that I believe the same.

Mind, the documented advice is to just use `openssl dhparam` to generate fresh parameters, which I believe uses a small order subgroup by default. (2, confirmed as of 1.0.2h); if that's not current best practice, I'd appreciate pointers on what the best practice is, for those still using prime-number based DH.

(I believe that Jeremy wrote, or at least committed, support for ECDH curves, earlier this year, but have not double-checked).

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
