On 13.11.2016 21:33, Viktor Dukhovni wrote:
> On Sun, Nov 13, 2016 at 08:42:19AM +0100, Juri Haberland wrote:
>> Just go with the tips from BetterCrypto.org - as the site above suggests,
>> too.
>
> Better yet, stick with the Postfix defaults, they were chosen with
> care to be appropriate for M
On Sun, Nov 13, 2016 at 08:42:19AM +0100, Juri Haberland wrote:
> > They're just lines in a configure file. Save the old file and you back
> > to where you were.
>
> Just go with the tips from BetterCrypto.org - as the site above suggests, too.
Better yet, stick with the Postfix defaults, they
On 11/12/2016 10:55 PM, li...@lazygranch.com wrote:
On Sun, 13 Nov 2016 01:43:17 -0500
"Bill Cole" wrote:
If the NSA/GCHQ capturing all of your SMTP traffic and saving it for
hypothetical future decryption is a realistic and significant
scenario in your threat model, you should reconsider your
On 13.11.2016 07:55, li...@lazygranch.com wrote:
> On Sun, 13 Nov 2016 01:43:17 -0500
> "Bill Cole" wrote:
> >
>> If the NSA/GCHQ capturing all of your SMTP traffic and saving it for
>> hypothetical future decryption is a realistic and significant
>> scenario in your threat model, you should rec
On Sun, 13 Nov 2016 01:43:17 -0500
"Bill Cole" wrote:
> If the NSA/GCHQ capturing all of your SMTP traffic and saving it for
> hypothetical future decryption is a realistic and significant
> scenario in your threat model, you should reconsider your use of
> email.
>
I'm in the USA and getting
On 12 Nov 2016, at 18:59, li...@lazygranch.com wrote:
# postconf tls_high_cipherlist
tls_high_cipherlist = aNULL:-aNULL:HIGH:@STRENGTH
verified
Assuming the default "high" setting is sufficient, why wouldn't I
change
this parameter to high rather than medium.
postconf smtpd_tls_mandatory_cip
On Sat, 12 Nov 2016 15:29:54 -0500
"Bill Cole" wrote:
> On 11 Nov 2016, at 14:31, li...@lazygranch.com wrote:
>
> > On Fri, 11 Nov 2016 09:54:48 -0500
> > "Bill Cole" wrote:
>
> [big snip...]
>
> >> The bottom line (if you've made it this far...) is that the
> >> settings that involve deep
On 11 Nov 2016, at 14:31, li...@lazygranch.com wrote:
On Fri, 11 Nov 2016 09:54:48 -0500
"Bill Cole" wrote:
[big snip...]
The bottom line (if you've made it this far...) is that the settings
that involve deep encryption parameters in modern Postfix are best
left at their default values unle
I did a search to see if Schneier changed his mind. He still prefers AES128.
Ditto on the bettercrypto link. Back to lurking...
Original Message
From: Alice Wonder
Sent: Friday, November 11, 2016 12:44 PM
To: postfix-users@postfix.org
Subject: Re: bits of encryption
On 11/11/2016 11:00
On 11.11.2016 12:21, li...@lazygranch.com wrote:
> So is this level of encryption something openssl sets up? That is where do I
> set the parameter?
You might want to read
https://bettercrypto.org/static/applied-crypto-hardening.pdf
It has background information and configuration examples for m
...@lazygranch.com; postfix-users@postfix.org
Subject: Re: bits of encryption
On 2016-11-11 12:08, li...@lazygranch.com wrote:
That does explain a lot, but why when I "talk to myself" (send myself
email)
do I get a lower grade (less bits) of encryption than when another
server is
sending mail? Is
rg
Subject: Re: bits of encryption
On 11/11/2016 03:21 AM, li...@lazygranch.com wrote:
> So is this level of encryption something openssl sets up? That is where do I
> set the parameter?
>
> Original Message
> From: Sven Schwedas
> Sent: Friday, November 11, 2016 3:15 AM
> To
On Fri, 11 Nov 2016 09:54:48 -0500
"Bill Cole" wrote:
> On 11 Nov 2016, at 6:21, li...@lazygranch.com wrote:
>
> > So is this level of encryption something openssl sets up?
>
> Yes and no. The partners in an encrypted session negotiate the
> details of a ciphersuite when the session is establ
: bits of encryption
On 2016-11-11 12:08, li...@lazygranch.com wrote:
That does explain a lot, but why when I "talk to myself" (send myself email)
do I get a lower grade (less bits) of encryption than when another server is
sending mail? Is there some parameter I need to set in postfix
On 11 Nov 2016, at 6:21, li...@lazygranch.com wrote:
So is this level of encryption something openssl sets up?
Yes and no. The partners in an encrypted session negotiate the details
of a ciphersuite when the session is established, based on both of their
configurations. For Postfix, the conf
So is this level of encryption something openssl sets up? That is where do I
set the parameter?
Original Message
From: Sven Schwedas
Sent: Friday, November 11, 2016 3:15 AM
To: li...@lazygranch.com; postfix-users@postfix.org
Subject: Re: bits of encryption
On 2016-11-11 12:08, li
On 2016-11-11 12:08, li...@lazygranch.com wrote:
> That does explain a lot, but why when I "talk to myself" (send myself email)
> do I get a lower grade (less bits) of encryption than when another server is
> sending mail? Is there some parameter I need to set in postfix?
That does explain a lot, but why when I "talk to myself" (send myself email) do
I get a lower grade (less bits) of encryption than when another server is
sending mail? Is there some parameter I need to set in postfix?
Original Message
From: Sven Schwedas
Sent: Friday, November
On 2016-11-11 11:16, li...@lazygranch.com wrote:
> This comes under the notion that if you don't ask, you don't learn.
It is a bit off topic, yes.
> I did some dovecot2 updates, so naturally I decided to test the mail
> system. When I mail a message to myself, this is the TLS notification:
> (usi
This comes under the notion that if you don't ask, you don't learn.
I did some dovecot2 updates, so naturally I decided to test the mail
system. When I mail a message to myself, this is the TLS notification:
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
However I do recei
20 matches
Mail list logo