On 18/09/15 16:17, Florian Weimer wrote:
On 09/18/2015 03:14 PM, Daniel Pocock wrote:
> On 18/09/15 14:14, Florian Weimer wrote:
>> On 09/17/2015 09:07 PM, Daniel Pocock wrote:
>>> For reSIProcate 1.10.0, we will support PFS on TLS connections, this
>>> requires a DH parameters file to be generated on each installation of
>>> the package.
>> Why is forward secrecy with ECDHE not good enough? For that, you won't
>> need to generate DH parameters at all.
> Both DH and ECDH are supported
> If the DH parameters are not present, it will still work with ECDH alone.
That should be sufficient and is more secure because the
ServerKeyExchange signature does not indicate if the hashed & signed
data is for DH or ECDH. :-(
> To maximize compatibility in a world of federated SIP though, it is
> useful to have both.
Are you sure? Finite-field DH used to be pretty widely disabled for
Once you've encountered enough proprietary SIP devices, you get to the
point where nothing surprises you any more.
reSIProcate is intended to be something of a reference implementation so
it is also good to have these different permutations in there. People
can remove DH by modifying the cipher list if they explicitly don't want it.
Testing with a few clients, I observed, they preferred ECDH and used it.