Vulnerability >> logjam << downgrades TLS connections to 512 Bit

On Fri, May 22, 2015 at 12:51 AM, Jakob Bohm <jb-openssl at wisemo.com> wrote:
> On 22/05/2015 03:57, Jeffrey Walton wrote:
>>>
>>> As an additional change for 1.0.2c or later (no need to
>>> delay the urgent fix), maybe adjust internal operations
>>> to discourage use of hardcoded DH groups for TLS DH (but
>>> NOT for generic DH-like operations such as openssl-based
>>> implementations of SRP).
>>
>> That's going to be tough because standards groups like the TLS WG are
>> actively promoting fully specified, named parameters and curves.
>>
>> See, for example, "Negotiated Finite Field Diffie-Hellman Ephemeral
>> Parameters for TLS",
>> https://tools.ietf.org/html/draft-ietf-tls-negotiated-ff-dhe-09; and
>> the discussion of magic primes at "Re: [TLS] Another IRINA bug in
>> TLS", https://www.ietf.org/mail-archive/web/tls/current/msg16417.html.
>> (The thread is due to the recent attacks on DH).
>
> The latter thread contains posts from respected experts
> asking not to use fixed parameters for DH...

Well, I'm not sure how much more respected one can get than Daniel
Kahn Gillmor, Stephen Farrell, Eric Rescorla; or have better
credentials than practicing cryptographers.

How high is your bar :)

