On 2016-05-29 at 01:50 -0400, Viktor Dukhovni wrote:
> This particular RFC is a bad idea. Replace its groups with a safe
> group generated by the Exim developers, or generated at compile time,
> if you're willing to tolerate slow builds on older systems. (Generating
> 2048-bit Sophie-Germain safe primes can take minutes).
>
> FWIW, in Postfix I take the first (generated by developers) approach, see
> lines 118 through 150 of:
>
> https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_dh.c
I'm perfectly happy to change the default. I chose it on the basis of "well, at least there's an RFC, and it's 2048 bit, so as good as any other and likely somewhat better".

In std-crypto.c we define a list of named DH constants, e.g. "ike23". We also define "default", which happens to be the same as "ike23". I'm happy to add an entry "postfix1", with provenance, "ripped from the Postfix source". :D

More seriously, perhaps just "exim.dev.20160529" as a keyname, and make it the default. Actually, generating 3 sets now, numbered each with suffixes.

Also, `exim -bI:dhparams` should be a thing.

Ugh. This is very definitely a Work In Progress, but it is my rough thinking. When I've slept, I want to:

* Fix the PKCS3 generation so we can update the IKE constants
* Add -bI:dhparams
* Test it actually works

http://git.exim.org/exim.git/shortlog/refs/heads/pdp_new_dhparam
https://github.com/Exim/exim/commits/pdp_new_dhparam

Since this adds cryptographic magic values where folks can't validate against an RFC and instead have to trust that I'm not deliberately sabotaging things, I think it's appropriate for any commit adding such values to be PGP-signed (commit object, not just the usual release tags). I've done this, you can see the "Verified" tag on GitHub.

-Phil

--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
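An added illustration of the two points in the thread above, not code from the Exim or Postfix sources: generating a safe prime p = 2q + 1 (the slow step Viktor mentions, which is why developers ship pre-generated groups) and the independent check a reader can run on any published "magic" DH constants that no RFC backs. The function names are my own, and the bit sizes used are small so it runs in seconds; real 2048-bit generation belongs in a proper crypto library.

```python
import random

# Small primes for cheap trial division before Miller-Rabin.
SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47]


def is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test with trial division first."""
    if n < 2:
        return False
    if n in SMALL_PRIMES:
        return True
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return False
    d, r = n - 1, 0
    while d % 2 == 0:          # write n - 1 as d * 2^r with d odd
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False       # composite witness found
    return True


def check_dh_group(p, g):
    """True if (p, g) is a safe-prime DH group: p = 2q + 1 with p, q prime,
    and 1 < g < p - 1, so g has order q or 2q rather than 1 or 2."""
    if p < 5 or p % 2 == 0 or not is_probable_prime(p):
        return False
    q = (p - 1) // 2
    if not is_probable_prime(q):   # p prime but not *safe*: small subgroups exist
        return False
    if not 1 < g < p - 1:
        return False
    # In a safe-prime group g^q mod p is 1 (order q) or p-1 (order 2q); nothing else.
    return pow(g, q, p) in (1, p - 1)


def generate_safe_prime(bits):
    """Generate a Sophie Germain prime q and return p = 2q + 1 (both prime)."""
    while True:
        q = random.getrandbits(bits - 1) | (1 << (bits - 2)) | 1   # odd, full length
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1
```

For a vendor-supplied group, check_dh_group(p, 2) with the constant's p is the whole verification; a p that passes is_probable_prime but fails the q test is exactly the kind of value Viktor's "safe group" wording rules out.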
