help-gnutls

Re: GnuTLS/NSS interop in Exim 4.80 RC


From: Nikos Mavrogiannopoulos
Subject: Re: GnuTLS/NSS interop in Exim 4.80 RC
Date: Tue, 22 May 2012 11:23:20 +0200

On Tue, May 22, 2012 at 11:15 AM, Patrick Pelletier
<address@hidden> wrote:

> It almost seems like a new TLS extension should be proposed, where the
> client can tell the server how many bits of DH it is willing to accept.
>  (Similar in spirit, although simpler than, the extension used to negotiate
> curves for elliptic curve.)  If the client sends the extension, then the
> server can know with confidence what size of DH params are acceptable.  If
> the client doesn't send the extension, the server can make a conservative
> assumption.  (Probably 2236 bits.)

Such an extension would be useful, as it could be used to communicate
the DH exponent size which now is only known to the server. That would
also optimize the key exchange. However, I doubt that the WG would
accept such a modification (most probably such a proposal will be
answered with why don't you use ECDH?).

regards,
Nikos


