Fedora/Redhat and perfect forward secrecy

Jan-Frode Myklebust janfrode at tanso.net
Mon Aug 26 11:26:05 UTC 2013


On Mon, Aug 26, 2013 at 11:07:29AM +0200, Florian Weimer wrote:
> On 08/24/2013 11:38 AM, Reindl Harald wrote:
> >https://bugzilla.redhat.com/show_bug.cgi?id=319901
> >
> >looks like Redhat based systems are the only remaining
> >which does not support EECDHE which is a shame these
> >days in context of PRISM and more and more Ciphers
> >are going to be unusable (BEAST/CRIME weakness)
> 
> Current Fedora supports perfect forward secrecy just fine.  

Just fine -- assuming one ignores the 4-5x performance penalty of DH (vs.
non-PFS/ECDHE), and also ignores IE and Safari as clients?

> It's just that web server operators routinely refuse to offer it.  

The perf penalty of DH-RSA seems a bit high, and web server operators
are likely fighting anything that is likely to introduce latency.


> (The situation is different with mail servers.)  Operational benefits
> look rather marginal to me.  It may discourage interested parties
> from requesting server private keys, but even that isn't assured.
> It does not help against server operators which provide third
> parties with cleartext copies of transmissions, obviously.
 
It helps against broad PRISM-style interception of all traffic, with the
intention of decrypting at some later point.


  -jf

