On Sun, Jan 05, 2014 at 01:58:30PM +0100, Andreas Schulze wrote:
> the documentation to these parameters refers the NSA website.
> However the links are broken.
That's the trouble with links. Anyone have suggested replacements.
> Also I don't feel very comfortable these days if postfix uses crypto
> approved by NSA :-/
There are no credible reports of serious problems with P-256 and
P-384. The Suite-B algorithms have moved from the "unknown unknown"
to the "known unknown" risk category.
In the mean-time, the IETF TLS working group is hard at work
standardizing (debating) more modern symmetric stream ciphers,
authentication modes, and elliptic curves.
Instead of trusting NIST you'll have to trust Daniel J. Bernstein,
but to his credit his algorithms don't have inexplicable magic
constants, the design rationale is published and the algorithms
benefit from new discoveries and lessons learned over the years.
In particular his "Edwards form" elliptic curves will not appear
before OpenSSL 1.0.2 (which is nearing release, but does not yet
IIRC have support for these curves) and require the TLS WG to
publish new RFCs specifying yet more ciphersuites.
Server-side support for new and multiple EECDH[*] curves requires
a new API that is in OpenSSL 1.0.2 snapshots. Support for that
will have to wait for Postfix 2.12.
--
Viktor.
ECDHE if you must, which does not stand for "Elliptic Curve
Diffie-Hellman Exchange", rather it stands for "Ephemeral Elliptic
Curve Diffie-Hellman":
http://tools.ietf.org/html/rfc4492#section-2
And yet the the ephemeral "E" is appended. Little-endian, Big-endian
choose any two.
