[Ach] Dovecot DH parameters

Aaron Zauner azet at azet.org
Tue Feb 10 15:17:49 CET 2015


Hanno Böck wrote:
> (there's lots of confusion about these DH params... E.g. there seems
> also to be a persistent myth that you cannot share the same params
> between servers - which is totally bogus)

It's theoretically possible though that automatic generation of DH
params might yield insecure ones. This is why I'd like not to suggest
generating DH params in this document. Seems like the FFDHE draft is
going to be accepted from what I take from the TLS-WG list. It's
probably going to be completely ignored by implementors unless people
open issues or send patches.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20150210/272ae129/attachment.sig>

More information about the Ach mailing list