On Sat, Jan 22, 2011 at 10:24:35PM +0100, Ralf Hildebrandt wrote:
> Incidentially, I recompiled Postfix against opensssl-1.0 yesterday :)
> I still have to find out if the DFN-PKI-CA (which we're using) is
> issuing certs on ECC keys
There are no mainstream CAs issuing certificates for ECC public
* Ralf Hildebrandt :
> Incidentially, I recompiled Postfix against opensssl-1.0 yesterday :)
> I still have to find out if the DFN-PKI-CA (which we're using) is
> issuing certs on ECC keys
>
> I could just try that :)
> Like... now :)
Doesn't work. It triggers an error in the webinterface for th
* Ralf Hildebrandt :
> I can recommend this PDF:
> http://blogs.sun.com/jyrivirkki/resource/ECC-TLS-BOF-6958.pdf
> und dies hier in Deutsch:
> http://www.weblearn.hs-bremen.de/risse/papers/IIAkolloq080115/elliptic.pdf
>
> Short: The 2007 PDF says that the best known attacks against ECC are
> "wor
* lst_ho...@kwsoft.de :
> May i ask what the big advantages of the new ciphers are? From what i
> have heard they are somewhat faster and deemed to be more secure, but
> is this urgently needed for TLS?
I can recommend this PDF:
http://blogs.sun.com/jyrivirkki/resource/ECC-TLS-BOF-6958.pdf
und di
Zitat von Victor Duchovni :
The Postfix 2.8 SMTP server will not be alone in enabling server-side
Elliptic Curve Diffie-Hellman key-agreement.
Hosted domains served by smtproutes.com (e.g. saybrook.edu)
have ECDHE ciphers enabled:
Trusted TLS connection established to
saybrook.edu.pri
The Postfix 2.8 SMTP server will not be alone in enabling server-side
Elliptic Curve Diffie-Hellman key-agreement.
Hosted domains served by smtproutes.com (e.g. saybrook.edu)
have ECDHE ciphers enabled:
Trusted TLS connection established to
saybrook.edu.pri-mx.smtproutes.com[174.36.154.1