On Wed, May 20, 2015 at 07:17:43PM +0200, Kurt Roeckx wrote: > On Wed, May 20, 2015 at 07:11:42AM +0000, mancha wrote: > > Hello. > > > > Given Adrien et al. recent paper [1] together with their > > proof-of-concept attacks against 512-bit DH groups [2], it might be > > a good time to resurrect a discussion Daniel Kahn Gillmor has > > started here in the past. > > Please see > http://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/ > > > Kurt
Hi Kurt. Thanks for the link and congrats to EK for a well-written blog. A few questions... 1. On ECC: Did I correctly understand that starting with 1.0.2b, OpenSSL clients will only include secp256r1, secp384r1, and secp521r1 on the prime side and sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1 on the binary side in supported elliptic curves extensions? Will OpenSSL consider making this change in 1.0.1 as well? 2. On FF DH: Is it possible for OpenSSL to provide a tentative timeline for its planned transition (no minimum -> 768-bit min -> 1024-bit min)? Right now the move to 1024-bit is slated for "soon" but tentative dates are likely more effective prods for sites (and others) using Jurassic modp's. Cheers. --mancha
pgpCi6CdaMB_l.pgp
Description: PGP signature
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
