Re: ECDH support for sendmail

[manu%netbsd.org@localhost (Emmanuel Dreyfus)]

Greg Troxel <gdt%ir.bbn.com@localhost> wrote:

> I also wonder if this is enabled in other MTAs, and/or openssl itself.
> In other words, is this making sendmail catch up with existing practice,
> or making sendmail be avant garde?

Not sure about other MTA capabilities, but the thing is still desirable.
Here is the background: there is a nice cryptographic feature called Perfect
Forward Secrecy, which means that if you store encrypted trafic, a later
compromission of server private key will not compromise the stored
communications.

There are two family of ciphers that will give you that: DHE and ECDHE
(openssl ciphers give you the whole list). Most TLS-enabled servers enable
DHE ciphers nowadays, fewer have ECDHE. But there are clients that will use
ECDHE but not DHE with RSA,  which means that you need both DHE and ECDHE if
you want to enlarge PFS usage
 
This ca be easily observed for web servers with Qualys SSL server test:
https://www.ssllabs.com/ssltest/

Give it a try with apache 2.2.x, you miss many browsers PFS capability. Add
the ECC support patch that was backported from 2.4 and you get PFS for all
modern browsers. Patch is there:
http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/www/apache22/files/ecc2224.patch

The same thing happens with mail clients, and I can see an improvement of
PFS usage with ECDH-enabled sendmail. I have not yet identified what clients
are impacted, but there are some that did not pick DHE ciphers, but now
negociate ECDHE ciphers.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu%netbsd.org@localhost