Re: [TLS] draft-sheffer-tls-bcp: DH recommendations

Patrick Pelletier <code@funwithsoftware.org> Mon, 16 September 2013 07:55 UTC


On 9/15/13 12:56 PM, Yoav Nir wrote:

> There are ECDHE ciphersuites that are supported by nearly all browsers as well as OpenSSL (which means also Apache), IIS and others.

Supported in the source, sure.  But Red Hat will disable it when it 
builds packages:

https://bugzilla.redhat.com/show_bug.cgi?id=319901

--Patrick