[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Feature req: DH prime bitsize query
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
Re: Feature req: DH prime bitsize query |
|
Date: |
Sun, 27 May 2012 22:09:26 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:10.0.4) Gecko/20120510 Icedove/10.0.4 |
On 05/27/2012 04:14 PM, Phil Pennock wrote:
>> Is that an issue for you? Because the bits on the various security
>> levels are a result of some interpolation being extreme precise in the
>> size of bits doesn't make IMO much sense. GnuTLS will make sure however
>> that there will be at least so many bits.
> It is when 2236 is the limit used by NSS and we're clamping down the
> result of
> gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, GNUTLS_SEC_PARAM_NORMAL)
> to try to avoid breaking clients.
>
> What I've actually done is grab the primes from RFCs 2409, 3526 and
> 5114, converted to PKCS#3 and built those into Exim as constants, and
> chosen the 2048 bit prime from section 2.2 of RFC 5114 (IKE id 23) as
> the default.
You could also use certtool --get-dh-params to get the parameters used
in SRP (which are mostly common with the IKE parameters). However those
parameters would be much slower than using the generated with gnutls
parameters (which contain a subgroup of the order of the security
parameter, to lower the load on the server).
> So by default, the new release of Exim will use vetted primes which are
> within bounds, and generating the DH params using GnuTLS becomes the
> non-default behaviour, thus preserving interoperability.
You could also generate parameters of smaller size (2048 bits) to allow
interoperability with NSS.
regards,
Nikos