Wietse Venema <wie...@porcupine.org> writes: > Postfix has supported forward secrecy for TLS since version 2.2 > when the TLS patch was adopted into Postfix. Things have changed a > lot since then, both in TLS and in the real world. > > Viktor wrote up a FORWARD_SECRECY_README that summarizes the Postfix > side of things all in one place. > > Available now: > http://www.porcupine.org/postfix-mirror/FORWARD_SECRECY_README.html > > In the next 24 hours: > http://www.postfix.org/FORWARD_SECRECY_README.html
Thank you for writing this up. I notice that you are using OpenSSL's private terminology (EDH and EECDH) instead of the standard terminology (DHE and ECDHE). I realize that postfix is using openssl, and so it may seem natural to use those names, but when we are struggling with protocols where interoperability with other tools is critical, eliminating confusion wherever possible is a worthy goal. I don't know why openssl did that, it really introduces confusion all around[0]. Whatever the reason, it is being fixed to remove the confusion entirely[1], and Postfix should adopt the standard names as soon as possible. My suggestion for dealing with this in this FORWARD_SECRECY_README is to change to using the standard terminology and just include a footnote about the non-standard names until those fade from our collective nightmare. Micah 0. especially since https://tools.ietf.org/html/rfc4492 was clearly publicly announced -- they just chose EECDH by analogy with their EDH. Even the (admittedly-retrospective) SSL 3.0 RFC calls it DHE, not EDH: https://tools.ietf.org/html/rfc6101#appendix-A.6... It probably was a result of some pre-TLS ssleay struggle to work with mosaic or something. 1. http://thread.gmane.org/gmane.comp.encryption.openssl.devel/23577/focus=23579
pgpVSDgES1Nir.pgp
Description: PGP signature
