On 24/12/2013 2:09 AM, Viktor Dukhovni wrote:
On Tue, Dec 24, 2013 at 01:29:38AM +1100, nanotek wrote:

Still, might be a good time to create my own CA and upgrade to 4096 bit
keys/certificates

You can deploy a 4096-bit RSA key if it makes you feel more cool,
but there is little point in going beyond 2048-bit RSA at this
time.  The further you stray away from current practice into the
land of "extreme" cryptography, the more likely you are to run into
interoperability problems, without any real security gains.

You're right; I'll keep 4096 bit for private data-, and key-encipherment and restrict service keys to 2048.


using SHA512 algorithms

TLSv1 and TLSv1.2 do not support negotiation of digest algorithms.
Deploying digests beyond SHA1 will cause interoperability problems
with systems that don't yet support the SHA2 family.

I was just reading into this as I just upgraded to OpenSSL 1.0.1e (FreeBSD base system still installs 0.9.8y). I thought v1.x supported SHA256 cipher suites. Thanks for making me aware, Viktor.


and make use of some
Diffie-Hellman ephemeral elliptic curve parameters for perfect forward
secrecy.

This is enabled in Postfix >= 2.8 by default.  If you are stuck with
2.6 or 2.7, see the new forward secrecy document.

I'm running 2.11. Wietse provided the link, which I've read. It appears to contain all necessary intel.


We obviously don't know which is stronger against hypothetical
unpublished attacks, EDH at 2048-bits or the P-256 curve.  Feel
free to roll the dice.  Against publicly known attacks P-256 is
both more secure and more computationally efficient than 2048-bit
EDH.

I think 384-bit ECDSA keys might be my choice then?


I've read http://www.postfix.org/TLS_README.html -- Postfix
documentation is exceptional by the way

Thanks for the praise.


It's deserved; thank you all for your great work!

--
syn.bsdbox.co
