Re: ECDSA client question

2018-12-17 Thread Joseph Tam

On Sun, 16 Dec 2018, Michael A. Peters wrote:

> We know there are unexplained constants in the NIST curves including P-256 -
> what if NSA was partially responsible for this bug (back room deal to avoid
> anti-trust prosecution, similar deal with IBM was made in the 70s I believe
> also involving cryptography) so that Android apps that use ECDSA (beyond just
> the mail client, e.g. chat apps) would use P-256 for compatibility and are
> maybe vulnerable to MITM for the key exchange.
>
> I want Ed25519 now.


Bernstein fan?  Definitely off-topic, but the gist of his critique of
P-256 is that any possible deliberate sabotage of curve parameters is a
distraction from the real problem: complexity makes implementation
fumbles easy with disastrous consequences.

https://cr.yp.to/newelliptic/nistecc-20160106.pdf

Joseph Tam 


Re: ECDSA client question

2018-12-16 Thread Michael A. Peters

On 12/16/18 7:52 AM, Tributh via dovecot wrote:



> On 16.12.18 at 12:13, Michael A. Peters wrote:
>> Hi, for those who have adopted ECDSA,
>>
>> Are there still any commonly used IMAPS/POP3S clients that still can not
>> handle ECDSA certificates?
>>
>> I know you can set up Dovecot for dual cert, I am just trying to
>> determine if there still is a real world need to.
>
> Nearly every client can handle ECDSA, but it depends on the size of the
> certificate.
> I used years ago ECDSA-384bit certificates, which covered most of the
> clients. It came to the point to disable RSA in that time, but then came
> Android 7.0. This version can only handle ECDSA-256bit certificates or RSA.
>
> The coverage of Android 7.0 is still over 20%. Google reacted fast and
> repaired this bug in 7.1, which is still not coming to most of the phones.
>
> Cheers
> Torsten



Wow - My phone is running Android 6, I just checked with Dad - his phone 
(Motorola) is running Android 7.0 - the version with the bug.


We don't replace phones just because new versions are available, we 
replace them when they stop working, and when we do we usually get 
refurbished because we hate how much electronic waste is in the world.


I have to admit, the tin foil hat of mine just got an alert.

We know there are unexplained constants in the NIST curves including 
P-256 - what if NSA was partially responsible for this bug (back room 
deal to avoid anti-trust prosecution, similar deal with IBM was made in 
the 70s I believe also involving cryptography) so that Android apps that 
use ECDSA (beyond just the mail client, e.g. chat apps) would use P-256 
for compatibility and are maybe vulnerable to MITM for the key exchange.


I want Ed25519 now.


Re: ECDSA client question

2018-12-16 Thread Tributh via dovecot



On 16.12.18 at 12:13, Michael A. Peters wrote:
> Hi, for those who have adopted ECDSA,
> 
> Are there still any commonly used IMAPS/POP3S clients that still can not
> handle ECDSA certificates?
> 
> I know you can set up Dovecot for dual cert, I am just trying to
> determine if there still is a real world need to.

Nearly every client can handle ECDSA, but it depends on the size of the
certificate.
I used years ago ECDSA-384bit certificates, which covered most of the
clients. It came to the point to disable RSA in that time, but then came
Android 7.0. This version can only handle ECDSA-256bit certificates or RSA.

The coverage of Android 7.0 is still over 20%. Google reacted fast and
repaired this bug in 7.1, which is still not coming to most of the phones.

Cheers
Torsten
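
An added example, not part of any message in this thread: a shell check of which key type and curve a certificate uses, measured against the constraint described in the reply above (Android 7.0 accepting only RSA or 256-bit ECDSA). The function names, file names and the `mail.example.test` subject are made up for illustration, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example. Assumption taken from the thread: Android 7.0 clients
# accept RSA or ECDSA P-256 (prime256v1) certificates only.

# Print "rsa", the curve name openssl reports (e.g. prime256v1), or "unknown".
cert_key_type() {
    text=$(openssl x509 -in "$1" -noout -text) || return 2
    case "$text" in
        *"ASN1 OID: "*)
            # The curve of the subject public key is printed as "ASN1 OID: <name>".
            printf '%s\n' "$text" | sed -n 's/^ *ASN1 OID: *//p' | head -n 1 ;;
        *"Public Key Algorithm: rsaEncryption"*) echo rsa ;;
        *) echo unknown ;;
    esac
}

# Exit 0 if the certificate meets the constraint above, 1 otherwise.
android70_ok() {
    case "$(cert_key_type "$1")" in
        rsa|prime256v1) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample input: a throwaway self-signed certificate.
# $1 = curve name, $2 = output path prefix
make_test_cert() {
    openssl ecparam -name "$1" -genkey -noout -out "$2.key" 2>/dev/null &&
    openssl req -new -x509 -key "$2.key" -subj "/CN=mail.example.test" \
        -days 1 -out "$2.crt" 2>/dev/null
}

# Demo on two constructed certificates.
tmp=$(mktemp -d)
for curve in prime256v1 secp384r1; do
    make_test_cert "$curve" "$tmp/$curve"
    if android70_ok "$tmp/$curve.crt"; then verdict="ok"; else verdict="needs an RSA or P-256 alternative"; fi
    echo "$curve: $verdict"
done
rm -rf "$tmp"
```

Run against the real server certificate, a result other than `rsa` or `prime256v1` means that certificate alone would not serve the clients described in the thread.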


ECDSA client question

2018-12-16 Thread Michael A. Peters

Hi, for those who have adopted ECDSA,

Are there still any commonly used IMAPS/POP3S clients that still can not 
handle ECDSA certificates?


I know you can set up Dovecot for dual cert, I am just trying to 
determine if there still is a real world need to.