On Nov 6, 2013, at 06:14 , Emmanuel Dreyfus <manu%netbsd.org@localhost> wrote:

> Greg Troxel <gdt%ir.bbn.com@localhost> wrote:
>
>> I also wonder if this is enabled in other MTAs, and/or openssl itself.
>> In other words, is this making sendmail catch up with existing practice,
>> or making sendmail be avant garde?
>
> Not sure about other MTA capabilities, but the thing is still desirable.
> Here is the background: there is a nice cryptographic feature called Perfect
> Forward Secrecy, which means that if you store encrypted traffic, a later
> compromise of server private key will not compromise the stored
> communications.
>
> There are two families of ciphers that will give you that: DHE and ECDHE
> (openssl ciphers give you the whole list). Most TLS-enabled servers enable
> DHE ciphers nowadays, fewer have ECDHE. But there are clients that will use
> ECDHE but not DHE with RSA, which means that you need both DHE and ECDHE if
> you want to enlarge PFS usage.
>
> This can be easily observed for web servers with Qualys SSL server test:
> https://www.ssllabs.com/ssltest/
>
> Give it a try with apache 2.2.x, you miss many browsers' PFS capability. Add
> the ECC support patch that was backported from 2.4 and you get PFS for all
> modern browsers. Patch is there:
> http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/www/apache22/files/ecc2224.patch
>
> The same thing happens with mail clients, and I can see an improvement of
> PFS usage with ECDH-enabled sendmail. I have not yet identified what clients
> are impacted, but there are some that did not pick DHE ciphers, but now
> negotiate ECDHE ciphers.

Thanks for explaining this. Now your patch makes sense :)

I was also about to comment about your patch too, because I was thinking MTA to MTA communication. (You didn't mention that this was mostly for MUA to MTA communication.)

I also want to echo what jnemeth@ wrote about EC and NSA...

/P
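The following is an added example, not part of the message above or of the patch it discusses. It models the point made in the quoted text: a server offering only DHE loses forward secrecy with clients that support ECDHE but not DHE. The suite names are OpenSSL-style; the client offers, the server lists and the server-preference selection rule are assumptions constructed for illustration.

```python
# Added example: models TLS cipher-suite selection to show forward-secrecy coverage.
# Client offers and server lists are constructed sample data, not measurements.

def key_exchange(suite):
    """Classify an OpenSSL-style suite name by its key exchange."""
    if suite.startswith("ECDHE-"):
        return "ECDHE"
    if suite.startswith(("DHE-", "EDH-")):  # EDH- is the older OpenSSL spelling of DHE
        return "DHE"
    return "none"  # static RSA, static ECDH (ECDH-...), etc.: no forward secrecy

def negotiate(server_prefs, client_offer):
    """Return the first server-preferred suite the client also offers, or None.
    Assumes the server enforces its own preference order."""
    offered = set(client_offer)
    for suite in server_prefs:
        if suite in offered:
            return suite
    return None

def pfs_report(server_prefs, clients):
    """Map each client name to (negotiated suite, key-exchange class)."""
    report = {}
    for name, offer in clients.items():
        suite = negotiate(server_prefs, offer)
        report[name] = (suite, key_exchange(suite) if suite else "no-handshake")
    return report

# Constructed client profiles (hypothetical names).
CLIENTS = {
    "ecdhe_only_client": ["ECDHE-RSA-AES128-SHA", "AES128-SHA"],
    "dhe_only_client": ["DHE-RSA-AES128-SHA", "AES128-SHA"],
    "legacy_client": ["AES128-SHA"],
}

# Constructed server configurations: before and after adding ECDHE support.
SERVER_DHE_ONLY = ["DHE-RSA-AES128-SHA", "AES128-SHA"]
SERVER_DHE_AND_ECDHE = ["ECDHE-RSA-AES128-SHA", "DHE-RSA-AES128-SHA", "AES128-SHA"]

if __name__ == "__main__":
    for label, prefs in (("DHE only", SERVER_DHE_ONLY),
                         ("DHE + ECDHE", SERVER_DHE_AND_ECDHE)):
        print(label)
        for client, (suite, kex) in pfs_report(prefs, CLIENTS).items():
            print(f"  {client:18} {suite:22} PFS={kex != 'none'}")
```
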