-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2014-01-16 at 13:57 +0100, Klaus Ethgen wrote: > Hi folks, > > Am Mi den 15. Jan 2014 um 23:36 schrieb Viktor Dukhovni: > > Note, some Debian releases patched Exim to make it "more secure", > > thereby breaking TLS handshakes with most servers, and making Exim > > less secure when Exim falls back to cleartext delivery. > > That is not true. The default of 1024 bit is insecure today. It will > just give you false security using such a short value. So it is just > consequent increasing the limit and not using such keys.
1024 is susceptible to brute-force attack by motivated attackers who have resources to expend. It's not "free" to attack. Cleartext is free to "attack", since it can be read anyway. Falling back to cleartext is unfortunate but currently required for interoperation. Set `hosts_require_tls` to an appropriate pattern (perhaps `*`) for instances where this fallback should not happen. DH with 1024 is better than cleartext. Breaking TLS negotiation is unreasonable and it's a design flaw of TLS that this can't be negotiated and handled better. If you refuse to use any security which can be attacked by an acronym agency when they turn their attention to you, opting for no security instead, you've increased your exposure to many others. In an ideal world, you might be protected from both, but I suggest revisiting your threat model to determine what acceptable compromises might be. Debian's intent was reasonable: improve available security. But the C constant which they changed had _two_ meanings back then and they accidentally also raised the minimum for talking to others. If deploying DH today, deploy with 2048 bits for maximum interoperability and require a minimum of 1024 bits when talking to others. > However, I did not currently check the value in debian or want to say > any about any distributor. (I just see a general debian hate from some > people on the list. But bashing doesn't help.) Viktor and I worked together to diagnose interoperability problems between Postfix installs and Exim installs caused by this Debian patch. Viktor's not bashing, he's accurately describing what happened and helping people get a functional secure setup for email. (Oh, and Viktor is very active in the DANE space, as it applies to email, and does a lot of Postfix's TLS code maintenance, so he knows what he's talking about when it comes to email security.) - -Phil -----BEGIN PGP SIGNATURE----- iQEcBAEBCAAGBQJS2BU5AAoJEKBsj+IM0duFR1wH/i+0UEm7mPMHWlsxs5kCH9S5 BQr2EXb+osMx5+R98rHvwGUbkOa5u7AK77Ym+4EHjerRVPSMLMKgmZbLUHfvEZq6 aZeklwRgl/eP8noCwLfRlj8yxNzJIxtmG0M+q52yW3qER+LCqH3EBrjCC798jLGQ jkQKAQ2wX/56QISwmq/9KIhZAETQc/OjBzn64SI6jQCnKHbbawnsropbKOog/LBI B1JEmg9aOlmroXV+RsAWJ3TFwLz9p2pVFQQXWJaA0WApGHF2R5IOh3/SePypP16D otr9Xx1/lXeI/hvjRqit3nAuPnIDqyCOjh656NZkGPcn6/El/jUwnDzD2azFQEY= =kPU3 -----END PGP SIGNATURE----- -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
