Re: Fedora/Redhat and perfect forward secrecy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, 9 Sep 2013, Reindl Harald wrote:


I don't get it, either


google "dhe versus ecdhe performance"

http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html

Let’s focus on the server part. Enabling DHE-RSA-AES128-SHA cipher suite
hinders the performance of TLS handshakes by a factor of 3. Using
ECDHE-RSA-AES128-SHA instead only adds an overhead of 27%. However, if we
use the 64bit optimized version, the cost is only 15%


is that enough to understand why nobody on this world is using DHE and so your
"Current Fedora supports perfect forward secrecy just fine" is *far* away
from the reality?


Not for me. I thought TLS was latency bound. The above "factor 3" does
not state whether TLS client/server were in the same LAN (or even VMs on
the same host).

For the client, clearly CPU is not the limiting factor. For regular TLS
servers, this should also not matter. For fully loaded TLS servers or
TLS accelerators, the factor 3 on the CPU load will matter, but we're
talking clusters of machines here. Dropping in a few extra machines
shouldn't be that hard to give your patent-encumbered endusers PFS.


it does not help much support forward secrecy in a way *nobody* else on this
planet is supporting it and so you repsonse below is uneducated - period


Ignoring the obvious legal (and now potential backdoor) problems with
ECC is also not very educated.

Paul


-------- Original-Nachricht --------
Betreff: Re: Fedora/Redhat and perfect forward secrecy
Datum: Mon, 26 Aug 2013 11:07:29 +0200
Von: Florian Weimer <fweimer@xxxxxxxxxx>
An: Development discussions related to Fedora <devel@xxxxxxxxxxxxxxxxxxxxxxx>
Kopie (CC): Reindl Harald <h.reindl@xxxxxxxxxxxxx>, Mailing-List fedora-users <users@xxxxxxxxxxxxxxxxxxxxxxx>

On 08/24/2013 11:38 AM, Reindl Harald wrote:

https://bugzilla.redhat.com/show_bug.cgi?id=319901

looks like Redhat based systems are the only remaining
which does not support EECDHE which is a shame these
days in context of PRISM and more and more Ciphers
are going to be unuseable (BEAST/CRIME weakness)


Current Fedora supports perfect forward secrecy just fine.  It's just
that web server operators routinely refuse to offer it.  (The situation
is different with mail servers.)  Operational benefits look rather
marginal to me.  It may discourage interested parties from requesting
server private keys, but even that isn't assured.



--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux