On Mon, 9 Sep 2013, Reindl Harald wrote:
I don't get it, either
google "dhe versus ecdhe performance"
http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html
Let’s focus on the server part. Enabling DHE-RSA-AES128-SHA cipher suite
hinders the performance of TLS handshakes by a factor of 3. Using
ECDHE-RSA-AES128-SHA instead only adds an overhead of 27%. However, if we
use the 64bit optimized version, the cost is only 15%
is that enough to understand why nobody on this world is using DHE and so your
"Current Fedora supports perfect forward secrecy just fine" is *far* away
from the reality?
Not for me. I thought TLS was latency bound. The above "factor 3" does
not state whether TLS client/server were in the same LAN (or even VMs on
the same host).
For the client, clearly CPU is not the limiting factor. For regular TLS
servers, this should also not matter. For fully loaded TLS servers or
TLS accelerators, the factor 3 on the CPU load will matter, but we're
talking clusters of machines here. Dropping in a few extra machines
shouldn't be that hard to give your patent-encumbered endusers PFS.
it does not help much support forward secrecy in a way *nobody* else on this
planet is supporting it and so you repsonse below is uneducated - period
Ignoring the obvious legal (and now potential backdoor) problems with
ECC is also not very educated.
Paul
-------- Original-Nachricht --------
Betreff: Re: Fedora/Redhat and perfect forward secrecy
Datum: Mon, 26 Aug 2013 11:07:29 +0200
Von: Florian Weimer <fwei...@redhat.com>
An: Development discussions related to Fedora <devel@lists.fedoraproject.org>
Kopie (CC): Reindl Harald <h.rei...@thelounge.net>, Mailing-List fedora-users
<us...@lists.fedoraproject.org>
On 08/24/2013 11:38 AM, Reindl Harald wrote:
https://bugzilla.redhat.com/show_bug.cgi?id=319901
looks like Redhat based systems are the only remaining
which does not support EECDHE which is a shame these
days in context of PRISM and more and more Ciphers
are going to be unuseable (BEAST/CRIME weakness)
Current Fedora supports perfect forward secrecy just fine. It's just
that web server operators routinely refuse to offer it. (The situation
is different with mail servers.) Operational benefits look rather
marginal to me. It may discourage interested parties from requesting
server private keys, but even that isn't assured.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct