On Sep 2, 2013, at 11:41 PM, Patrick Pelletier wrote:
But besides a TLS extension, I think what you suggest is good, some
sort of informational RFC that would recommend "best practices" for
PFS, e. g. something along the lines of "put ECDHE cipher suites
first (for performance and so Java won't choke on DHE), make sure
you support at least secp256r1 and secp384r1, put DHE cipher suites
second, use a prime size of 2176 bits (largest multiple of 64 less
than 2236)" or whatever.
Well, in light of Bruce Schneier's recommendations today, maybe DHE
should be prioritized over ECDHE:
http://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html#c1675929
Although there is still the issue that DHE is slower than ECDHE. Is
Curve25519 the answer?
--Patrick
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
