Hi,
tl;dr should we make it easier/automatic for users to use the
Diffie-Hellman parameters defined in RFC7919?
For a long time, the general recommendation for Finite-Field
Diffie-Hellman Ephemeral Parameters (FFDHE, for use with
non-elliptic-curve DH, i.e. the dhparam-file many server configs ask us
to specify) used in TLS was to generate your own. However, RFC7919
specifies fixed, auditable parameters with lengths of 2048-8102 bits
[1], Mozilla has switched their recommendation from 'generate your own'
to 'use ffdhe2048' [2] and IIRC TLSv3 mandates their use.
The main advantages of using them are: a) since they're fixed &
well-defined, they can be and are audited, b) clients don't have to
check whether parameters they're given by a server are legit or meddled
with (something that usually any client program would have to do but
few actually do).
So, questions:
1) do we already ship these groups somewhere, e.g. via a package that I
don't know about? If not, should we maybe add one?
2) Many programs either ship their own dhparam files (on my systems at
least proftpd, certbot & openssh, via the moduli file) or expect the
user to point them to one (like webservers, dovecot, postfix etc.) +
some for sure hardcode some defaults if the user does not specify
parameters. Would it make sense to change their defaults - if possible -
to use (one of the) RFC7919 groups? One could even integrate this with
crypto-policies, if at some point one wants to e.g. change the desired
group size.
Best,
Christopher
[1] https://tools.ietf.org/html/rfc7919
[2] https://wiki.mozilla.org/index.php?title=Security/Server_Side_TLS
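
Added example (not part of the original message, and not Fedora or OpenSSL code): a Python check of whether a dhparam file holds the RFC 7919 ffdhe2048 group, the kind of parameter verification the message says few clients perform. The prime is rebuilt from the formula in RFC 7919 Appendix A.1; the helper names and the sample PEM input (built inside the code) are constructed for illustration.

```python
import base64

def floor_e_times_pow2(bits, guard=64):
    """floor(e * 2**bits) from the series sum(1/k!) in fixed-point integers."""
    total, term, k = 0, 1 << (bits + guard), 0
    while term:
        total += term
        k += 1
        term //= k
    return total >> guard          # guard bits absorb the truncation error

def ffdhe2048_prime():
    # Formula as given in RFC 7919, Appendix A.1 (the generator is 2).
    return 2**2048 - 2**1984 + (floor_e_times_pow2(1918) + 560316) * 2**64 - 1

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one DER element at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:              # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_dhparams(pem):
    """Extract (p, g) from a PKCS#3 'DH PARAMETERS' PEM block."""
    b64 = "".join(ln for ln in pem.splitlines() if ln and not ln.startswith("-----"))
    tag, seq, _ = read_tlv(base64.b64decode(b64), 0)
    t_p, p_raw, nxt = read_tlv(seq, 0)
    t_g, g_raw, _ = read_tlv(seq, nxt)
    if (tag, t_p, t_g) != (0x30, 0x02, 0x02):
        raise ValueError("not a DHParameter SEQUENCE { INTEGER p, INTEGER g }")
    return int.from_bytes(p_raw, "big"), int.from_bytes(g_raw, "big")

def is_ffdhe2048(pem):
    return parse_dhparams(pem) == (ffdhe2048_prime(), 2)

def make_pem(p, g):
    """Build a sample dhparam PEM (constructed input for this example)."""
    def tlv(tag, body):
        n, k = len(body), (len(body).bit_length() + 7) // 8
        ln = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
        return bytes([tag]) + ln + body
    ints = b"".join(tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in (p, g))
    return ("-----BEGIN DH PARAMETERS-----\n" + base64.encodebytes(tlv(0x30, ints)).decode()
            + "-----END DH PARAMETERS-----\n")

if __name__ == "__main__":
    p = ffdhe2048_prime()
    print(is_ffdhe2048(make_pem(p, 2)))       # parameters equal to the RFC group
    print(is_ffdhe2048(make_pem(p - 2, 2)))   # constructed modulus that is not the RFC group
```

Because the group is fixed, the check reduces to an equality test; a file that fails it holds custom parameters whose primality and structure would have to be validated separately.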