On Mon, Jan 02, 2023 at 12:57:05PM -0500, Wietse Venema wrote:
> > But doing this in a backwards-compatible way, that still works for any
> > users who were brave enough to set "tls_eecdh_auto_curves" expecting
> > to just limit the EC groups, means that we'll need two parameters with
> > the below defaults:
> >
> > tls_eecdh_auto_curves = X25519 X448 prime256v1 secp521r1 secp384r1
> > tls_ffdhe_auto_groups = ffdhe2048 ffdhe3072
> >
> > When Postfix is linked with OpenSSL 3.0, the two lists will be merged
> > together.
> >
> > Any comments or questions?
>
> Assuming that these finite fields are different than the finite
> fields that elliptic curve cryptography is based on, the proposed
> parameter structure seems sensble to me.
Yes, indeed the underlying coefficient finite fields for the EC groups
are not based on the same primes as any of the FFDHE groups, and even
if some of the primes were the same, these are still independent code
points.
I'll post a patch before too long.
--
Viktor.
