Bug#475194: D-H parameter generation is All Wrong
sacrificial-spam-address at horizon.com
sacrificial-spam-address at horizon.com
Thu Apr 10 15:35:33 UTC 2008
Marc Haber <mh+debian-packages at zugschlus.de> wrote:
> On Wed, Apr 09, 2008 at 10:34:00AM -0400, sacrificial-spam-address at horizon.com wrote:
>> The entire premise of the script /usr/share/exim4/exim4_refresh_gnutls-params
>> is based on a serious misapprehension of the role of Diffie-Hellman
>> parmeters in performing encryption.
>
> It is, however, in accordance with upstream's recommendations.
>
>> I wish I could come up with a polite way to put this, but the entire
>> thing smells strongly of cluon deficiency.
>
> Point taken. Please give the same advice upstream and we'll follow
> once upstream changed their recommendations.
I assume you're referring to the recommendations in section 39.3 of
spec.txt? That places (really secret) RSA key material in the same file.
Which nicely explains the otherwise perplexing permission bits.
But can you briefly explain the purpose of the RSA secret key there, and
why it is not included in the Debian package? Is it used for encryption,
signing, or both?
That will help me give appropriate advice upstream.
(If you don't know, I can RTFS, but it gets a bit tangled.)
Thank you very much!
More information about the Pkg-exim4-maintainers
mailing list