pkgsrc-Users archive


Re: ECDH support for sendmail



John Nemeth <jnemeth%cue.bc.ca@localhost> wrote:

>      It looks like my choice of words was rather poor.  I meant to
> say that I didn't like the way you've implemented it.  You didn't
> answer my question about the origin of the patch...  

Sorry, missed it. 

I found the patch here:
https://github.com/bumptech/stud/pull/61/files

Taking a random patch from a random project is not good security practice. I
therefore checked it against the dovecot implementation to make sure it made
sense: ECDH support was added in dovecot here:
http://hg.dovecot.org/dovecot-2.2/diff/331d0a4fe772/src/login-common/ssl-proxy-openssl.c

The sendmail version is just a stripped down version (so much stripped
down I considered it did not need attribution: this is just the OpenSSL
API called in the simplest way), and the dovecot patch has an insightful
comment explaining the complexity difference. Basically the sendmail
version sticks to RFC mandated settings, while the dovecot patch goes
beyond.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu%netbsd.org@localhost

