On Sun, 2020-08-23 at 04:26 +0200, Kevin Kofler wrote: > Christopher Engelhard wrote: > > tl;dr should we make it easier/automatic for users to use the > > Diffie-Hellman parameters defined in RFC7919? > > While I understand the motivation behind the RFC (interoperability, safety > against intentionally or unintentionally bad parameters), hardcoded > parameters sound suspicious to me. How do we know that these are not chosen > to allow the NSA or some other country's equivalent agency to decrypt the > conversation?
You don't, except for all the reviews mentioned, which are definitely more review than randomly selected parameters which often are more suspicious. If you are worried about DH I suggest you just disable it entirely and rely on RSA/ECDH key exchanges instead. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
