Fedora/Redhat and perfect forward secrecy
Reindl Harald
h.reindl at thelounge.net
Fri Sep 6 22:22:10 UTC 2013
Am 06.09.2013 23:31, schrieb D. Hugh Redelmeier:
> | From: Reindl Harald <h.reindl at thelounge.net>
> | Date: Sat, 24 Aug 2013 11:38:21 +0200
>
> | https://bugzilla.redhat.com/show_bug.cgi?id=3D319901
> |
> | looks like Redhat based systems are the only remaining
> | which does not support EECDHE which is a shame these
> | days in context of PRISM and more and more Ciphers
> | are going to be unuseable (BEAST/CRIME weakness)
>
> It might be the case that the NSA has their fingers in these ECC
> standards.
>
> Here's a Schneier article worth reading:
> <http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance>
>
> In it, he recommends (among many other things):
>
> Prefer conventional discrete-log-based systems over elliptic-curve
> systems; the latter have constants that the NSA influences when
> they can.
>
> It could be (by accident) that Fedora is more secure due to patents!
it could be that RHEL/Fedora fail every security audit in the near future
*that* is proven and sure, the above not!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20130907/73e03151/attachment-0001.sig>
More information about the users
mailing list