From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/85021 Path: news.gmane.org!not-for-mail From: Ted Zlatanov Newsgroups: gmane.emacs.gnus.general Subject: Re: Diffie-Hellman key exchange has been lowered to 256 bits Date: Wed, 24 Sep 2014 16:55:44 -0400 Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos Message-ID: <874mvwlovj.fsf@lifelogs.com> References: <87mwd5z6hi.fsf@hornet.workgroup> Reply-To: ding@gnus.org NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1411592139 30099 80.91.229.3 (24 Sep 2014 20:55:39 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Wed, 24 Sep 2014 20:55:39 +0000 (UTC) To: ding@gnus.org Original-X-From: ding-owner+M33265@lists.math.uh.edu Wed Sep 24 22:55:32 2014 Return-path: Envelope-to: ding-account@gmane.org Original-Received: from util0.math.uh.edu ([129.7.128.18]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1XWtb1-000783-1u for ding-account@gmane.org; Wed, 24 Sep 2014 22:55:31 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu) by util0.math.uh.edu with smtp (Exim 4.63) (envelope-from ) id 1XWtau-0007dN-6g; Wed, 24 Sep 2014 15:55:24 -0500 Original-Received: from mx2.math.uh.edu ([129.7.128.33]) by util0.math.uh.edu with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63) (envelope-from ) id 1XWtas-0007cu-DG for ding@lists.math.uh.edu; Wed, 24 Sep 2014 15:55:22 -0500 Original-Received: from quimby.gnus.org ([80.91.231.51]) by mx2.math.uh.edu with esmtps (TLSv1:AES128-SHA:128) (Exim 4.76) (envelope-from ) id 1XWtar-0006fb-2p for ding@lists.math.uh.edu; Wed, 24 Sep 2014 15:55:22 -0500 Original-Received: from plane.gmane.org ([80.91.229.3]) by quimby.gnus.org with esmtp (Exim 4.80) (envelope-from ) id 1XWtap-0003dS-J6 for ding@gnus.org; Wed, 24 Sep 2014 22:55:19 +0200 Original-Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1XWtao-0006sw-Js for ding@gnus.org; Wed, 24 Sep 2014 22:55:18 +0200 Original-Received: from c-98-229-61-72.hsd1.ma.comcast.net ([98.229.61.72]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 24 Sep 2014 22:55:18 +0200 Original-Received: from tzz by c-98-229-61-72.hsd1.ma.comcast.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 24 Sep 2014 22:55:18 +0200 X-Injected-Via-Gmane: http://gmane.org/ Mail-Followup-To: ding@gnus.org Original-Lines: 19 Original-X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: c-98-229-61-72.hsd1.ma.comcast.net X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6;d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" Mail-Copies-To: never User-Agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.4.50 (gnu/linux) Cancel-Lock: sha1:2za4h54HRPmNl7UZD5quwM4z+0o= X-Spam-Score: -3.6 (---) List-ID: Precedence: bulk Xref: news.gmane.org gmane.emacs.gnus.general:85021 Archived-At: On Sun, 22 Jun 2014 14:33:49 +0000 James Cloos wrote: >>>>>> "M" == Melleus writes: M> Emacs' gnutls security defaults have been changed. JC> With the default of 256 for gnutls-min-prime-bits, it shouldn't complain JC> about ecdh with SECP256R1. The fact that it does implies that the logic JC> around that variable is wrong. There is no logic, just a default. We had to pick a default value that wouldn't break too many users and encourage people to increase it. JC> It also shouldn't complain when the remote site, such as gmane, doesn't JC> offer ecdh. I think it should, since IIUC (but I'm not an expert) EC-DH eliminates the need for `gnutls-min-prime-bits' altogether. Ted