On Thu, Jan 02, 2014 at 06:03:40PM -0500, micah wrote:

> I notice that you are using OpenSSL's private terminology (EDH and
> EECDH) instead of the standard terminology (DHE and ECDHE).

Given cipherlist class names:

    kEECDH - cipher suites that support Ephemeral ECDH key exchange
    kEDH - cipher suites that support Ephemeral DH key exchange

it makes sense to have matching Postfix names in parameters and
documentation. The best I can offer is to also mention ECDHE in
the second bullet under

    http://www.postfix.org/FORWARD_SECRECY_README.html#tls_fs

where we say that EDH is also DHE, but don't say that EECDH is also
ECDHE.

Dare I mention the fact that there are also kECDHe and kECDHr key
exchange cipher suite class names in OpenSSL and the first of these
has nothing to do with EECDH/ECDHE? I think not. :-)

> My suggestion for dealing with this in this FORWARD_SECRECY_README is to
> change to using the standard terminology and just include a footnote
> about the non-standard names until those fade from our collective
> nightmare.

May all your 2014 nightmares be so tame, happy new year!

--
Viktor.