Re: New "TLS Forward Secrecy" document

2014-01-05 Thread Wietse Venema
micah: > I completely agree, however it seems we do not agree with the matching > names should be. That is precisely why I write this message. The postfix > parameter names and documentation should adopt the standardized names > that openssl is changing to. As it is written now, the postfix TLS We

Re: New "TLS Forward Secrecy" document

2014-01-05 Thread micah
Viktor Dukhovni writes: > On Sun, Jan 05, 2014 at 06:31:46PM -0500, micah wrote: > >> > Given cipherlist class names: >> > >> >kEECDH - cipher suites that support Ephemeral ECDH key exchange >> >kEDH- cipher suites that support Ephemeral DH key exchange >> >> I'm sorry, but I have n

Re: New "TLS Forward Secrecy" document

2014-01-05 Thread Viktor Dukhovni
On Sun, Jan 05, 2014 at 06:31:46PM -0500, micah wrote: > > Given cipherlist class names: > > > > kEECDH - cipher suites that support Ephemeral ECDH key exchange > > kEDH- cipher suites that support Ephemeral DH key exchange > > I'm sorry, but I have no idea what "cipherlist class nam

Re: New "TLS Forward Secrecy" document

2014-01-05 Thread micah
Hi Viktor, Thanks for the reply. Viktor Dukhovni writes: > On Thu, Jan 02, 2014 at 06:03:40PM -0500, micah wrote: > >> I notice that you are using OpenSSL's private terminology (EDH and >> EECDH) instead of the standard terminology (DHE and ECDHE). > > Given cipherlist class names: > > k

Re: New "TLS Forward Secrecy" document

2014-01-02 Thread Viktor Dukhovni
On Thu, Jan 02, 2014 at 06:03:40PM -0500, micah wrote: > I notice that you are using OpenSSL's private terminology (EDH and > EECDH) instead of the standard terminology (DHE and ECDHE). Given cipherlist class names: kEECDH - cipher suites that support Ephemeral ECDH key exchange

Re: New "TLS Forward Secrecy" document

2014-01-02 Thread micah
Wietse Venema writes: > Postfix has supported forward secrecy for TLS since version 2.2 > when the TLS patch was adopted into Postfix. Things have changed a > lot since then, both in TLS and in the real world. > > Viktor wrote up a FORWARD_SECRECY_README that summarizes the Postfix > side of thin

Re: New "TLS Forward Secrecy" document

2013-12-19 Thread Titanus Eramius
On Wed, 18 Dec 2013 15:15:34 -0500 (EST) wie...@porcupine.org (Wietse Venema) wrote: > Postfix has supported forward secrecy for TLS since version 2.2 > when the TLS patch was adopted into Postfix. Things have changed a > lot since then, both in TLS and in the real world. > > Viktor wrote up a FO

New "TLS Forward Secrecy" document

2013-12-18 Thread Wietse Venema
Postfix has supported forward secrecy for TLS since version 2.2 when the TLS patch was adopted into Postfix. Things have changed a lot since then, both in TLS and in the real world. Viktor wrote up a FORWARD_SECRECY_README that summarizes the Postfix side of things all in one place. Available now