> On Jan 10, 2018, at 5:38 PM, J Doe <gene...@nativemethods.com> wrote:
>
> Hi,
>
> I had two short questions regarding Postfix’s elliptic curve support for the
> SMTP server.
>
> 1. Under the man documentation for tls_eecdh_strong_curve the documentation
> states “...approximately 128-bit security...”. Is that saying that it is
> equivalent to 128-bit RSA, or that it provides an elliptic curve key size of
> nearly 128 bits?

No, it is 2^128 work-factor, as in AES-128 or RSA ~3072. You should generally
not change tls_eecdh_strong_curve. 128-bit RSA is *not* 128-bit security.

See: http://www.postfix.org/postconf.5.html#smtpd_tls_eecdh_grade

> 2. To make use of elliptic curve encryption a TLS certificate must have been
> made with support for elliptic curves, correct?

EECDH key-agreement is largely independent of the certificate type. You can do
EECDH key agreement with either RSA or ECDSA certificates.

> A TLS certificate using RSA keys will not work?

Actually it works just fine. RSA certificates are used to *authenticate* the
key exchange, which is performed via EECDH.

See also http://www.postfix.org/FORWARD_SECRECY_README.html

-- 
Viktor.
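As an added illustration of the two points in the reply above (this is not from the thread and not Postfix code): a loopback demo using only the openssl CLI, in which a throw-away 3072-bit RSA certificate authenticates a TLS 1.2 handshake whose key exchange is ECDHE over P-256 (prime256v1, the Postfix tls_eecdh_strong_curve default). The port number, certificate name and file names are constructed for the demo, and the openssl binary is assumed to be on PATH.

```shell
#!/bin/sh
# Added example (not from the thread or from Postfix): an RSA certificate
# authenticating an ECDHE (EECDH) key exchange, shown with the openssl CLI
# on loopback. Port, CN and file names are constructed for the demo.
set -e

WORK="$(mktemp -d)"
PORT=48465                              # assumption: free local TCP port
SRV=""
trap 'kill "$SRV" 2>/dev/null || true; rm -rf "$WORK"' EXIT

# Throw-away 3072-bit RSA key and self-signed certificate: roughly the RSA
# size that matches the "128-bit security" of P-256 and AES-128.
openssl req -x509 -newkey rsa:3072 -nodes -days 1 -subj "/CN=smtp.example.test" \
    -keyout "$WORK/rsa.key" -out "$WORK/rsa.crt" >/dev/null 2>&1

# Server that offers only an ECDHE_RSA suite and only the P-256 curve
# (prime256v1, the Postfix tls_eecdh_strong_curve default). TLS 1.2 is
# forced so the s_client summary names the key-exchange curve explicitly.
openssl s_server -accept "$PORT" -key "$WORK/rsa.key" -cert "$WORK/rsa.crt" \
    -tls1_2 -cipher ECDHE-RSA-AES128-GCM-SHA256 -curves prime256v1 -quiet &
SRV=$!

# Key type the server authenticates with, read from the certificate itself.
cert_key_algo() {
    openssl x509 -in "$WORK/rsa.crt" -noout -text \
        | sed -n 's/^ *Public Key Algorithm: *\(.*\)$/\1/p' | head -n 1
}

# Key-exchange mechanism actually negotiated, read from the s_client
# handshake summary line "Server Temp Key: ECDH, <curve>, 256 bits".
# Retries briefly while the background server is still starting.
negotiated_kx_type() {
    n=0
    while [ "$n" -lt 10 ]; do
        kx="$(openssl s_client -connect "127.0.0.1:$PORT" -tls1_2 </dev/null 2>/dev/null \
            | sed -n 's/^Server Temp Key: *\([A-Za-z0-9]*\),.*/\1/p')"
        [ -n "$kx" ] && { printf '%s\n' "$kx"; return 0; }
        n=$((n + 1)); sleep 1
    done
    return 1
}

echo "certificate key: $(cert_key_algo)"      # rsaEncryption
echo "key exchange:    $(negotiated_kx_type)"  # ECDH
```

The certificate's public key algorithm (RSA) and the negotiated key exchange (ECDH) are reported separately, which is exactly the separation the reply describes: the RSA key signs the handshake, the ephemeral EC key agreement produces the session secret. Dropping `-curves prime256v1` on the server lets OpenSSL pick the curve itself, which is what Postfix's `smtpd_tls_eecdh_grade = auto` leaves to the library.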