On Fri, Sep 6, 2013 at 2:31 PM, D. Hugh Redelmeier <hugh@xxxxxxxxxx> wrote:
> | From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
> | Date: Sat, 24 Aug 2013 11:38:21 +0200
>
> | https://bugzilla.redhat.com/show_bug.cgi?id=319901
> |
> | looks like Redhat based systems are the only remaining
> | which do not support EECDHE, which is a shame these
> | days in the context of PRISM, and more and more ciphers
> | are going to be unusable (BEAST/CRIME weakness)
>
> It might be the case that the NSA has their fingers in these ECC
> standards.
>
> Here's a Schneier article worth reading:
> <http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance>
>
> In it, he recommends (among many other things):
>
> Prefer conventional discrete-log-based systems over elliptic-curve
> systems; the latter have constants that the NSA influences when
> they can.
>
> It could be (by accident) that Fedora is more secure due to patents!

The P-256r curve commonly used for ECDH on the web has its parameters generated by a nothing-up-my-sleeve CSPRNG approach. I doubt Bruce was speaking of that... if he was, I think that's a pretty audacious claim that requires some justification.

Regardless, I think that argument would be an ignorant one: approximately no one runs non-ECDH PFS on the web; it's insanely slow and it breaks clients. The choice is not between ECDH and RSA-based PFS, the choice is between ECDH and no PFS at all.

Right now Fedora webservers have no PFS at all. This cannot be argued to be an improvement.

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
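As an added example (not part of this thread or of any Fedora tooling), the script below audits a cipher list in the format printed by `openssl ciphers -v` and reports whether each suite gives ephemeral ECDH, ephemeral finite-field DH, or no forward secrecy; the sample lines are constructed, not captured from a real host, and classification relies on OpenSSL's suite-name prefixes (ECDHE-, DHE-/EDH-), so static ECDH-* suites are correctly counted as non-PFS.

```python
"""Classify OpenSSL cipher suites by forward-secrecy property (TLS 1.2 and below).

Added example. Input lines follow the `openssl ciphers -v` layout:
NAME PROTOCOL Kx=... Au=... Enc=... Mac=...
"""
import re
from collections import Counter

# Constructed sample, not the output of any real server or Fedora build.
SAMPLE_CIPHERS_V = """\
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA   Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384   TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)    Mac=SHA384
DHE-RSA-AES256-SHA          SSLv3   Kx=DH       Au=RSA   Enc=AES(256)    Mac=SHA1
ECDH-RSA-AES128-SHA         SSLv3   Kx=ECDH/RSA Au=ECDH  Enc=AES(128)    Mac=SHA1
AES128-SHA                  SSLv3   Kx=RSA      Au=RSA   Enc=AES(128)    Mac=SHA1
RC4-SHA                     SSLv3   Kx=RSA      Au=RSA   Enc=RC4(128)    Mac=SHA1
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+Kx=(\S+)\s+Au=(\S+)\s+Enc=(\S+)\s+Mac=(\S+)")


def parse_ciphers_v(text):
    """Parse `openssl ciphers -v` lines into dicts; lines that do not match are skipped."""
    suites = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            name, proto, kx, au, enc, mac = m.groups()
            suites.append({"name": name, "proto": proto, "kx": kx,
                           "au": au, "enc": enc, "mac": mac})
    return suites


def pfs_kind(suite):
    """'ecdhe' for ephemeral ECDH, 'dhe' for ephemeral finite-field DH, else None.

    OpenSSL names ephemeral suites ECDHE-* and DHE-*/EDH-*; ECDH-* and DH-* are
    static key exchange and give no forward secrecy, as do Kx=RSA suites.
    """
    name = suite["name"].upper()
    if name.startswith("ECDHE-"):
        return "ecdhe"
    if name.startswith(("DHE-", "EDH-")):
        return "dhe"
    return None


def audit(text):
    """Count suites per key-exchange class and check whether the first
    (most preferred) suite in the list offers forward secrecy."""
    suites = parse_ciphers_v(text)
    counts = Counter(pfs_kind(s) or "none" for s in suites)
    first_pfs = bool(suites) and pfs_kind(suites[0]) is not None
    return {"total": len(suites), "ecdhe": counts["ecdhe"], "dhe": counts["dhe"],
            "none": counts["none"], "first_suite_has_pfs": first_pfs}
```

Running `audit(SAMPLE_CIPHERS_V)` on the constructed list shows two ECDHE suites, one DHE suite and three suites with no forward secrecy, with the most preferred suite being ECDHE.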