Fedora/Redhat and perfect forward secrecy
D. Hugh Redelmeier
hugh at mimosa.com
Fri Sep 6 21:31:02 UTC 2013
| From: Reindl Harald <h.reindl at thelounge.net>
| Date: Sat, 24 Aug 2013 11:38:21 +0200
| https://bugzilla.redhat.com/show_bug.cgi?id=3D319901
|
| looks like Redhat based systems are the only remaining
| which does not support EECDHE which is a shame these
| days in context of PRISM and more and more Ciphers
| are going to be unuseable (BEAST/CRIME weakness)
It might be the case that the NSA has their fingers in these ECC
standards.
Here's a Schneier article worth reading:
<http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance>
In it, he recommends (among many other things):
Prefer conventional discrete-log-based systems over elliptic-curve
systems; the latter have constants that the NSA influences when
they can.
It could be (by accident) that Fedora is more secure due to patents!
More information about the devel
mailing list