Boulder: Allow secp521r1 for dual-certificate (ECDSA+RSA) postfix setup

Created on 27 Aug 2016  路  3Comments  路  Source: letsencrypt/boulder

I would love to use the same security level as symmetric 265 bit (Level: 8 https://www.keylength.com/en/3/ ) with asymmetric crypto for mail delivery. Nearly everyone uses OpenSSL. Old Windows servers can still connect via RSA. I don't want to be forced to use self-signed certs any longer. https://ssl-tools.net/mailservers/terrax.net Because acme.sh supports "ec-521", it would be enough to enable it on the server side (and not in the LE client for normal users).

Most helpful comment

A long time ago, there was somebody who implemented an algorithm whitelist in boulder:

Disabled P521 for now. You can uncomment it safely if you wish. https://github.com/letsencrypt/boulder/pull/1298#issuecomment-167356451

Reopening the original Issue https://github.com/letsencrypt/boulder/issues/2143 with this.

@rolandshoemaker
won't fix for now. https://github.com/letsencrypt/boulder/issues/2143#issuecomment-243872905

  • Browser support hasn't changed

-> Solved. Mozilla wants to keep P-521, to implement new curves and to force Google to follow. Apple and Android always had P-521. You can use it on Windows Servers and you can activate it in Windows Clients (mostly already done in business enviroments).

  • NSS is considering dropping it

-> Solved. Closed as wontfix. They don't want to weaken security.

  • dependencies that we rely on, such as SoftHSM, don't support secp521r1 which would prevent us

-> Solved. SoftHSM implemented P-521 25 days ago

So it would be fine to enable P-521 for manual requests over acme to not confuse normal users of the letsencrypt client.

All 3 comments

Closing as duplicate of #1592/won't fix for now. Browser support hasn't changed, Chrome dropped support and NSS is considering dropping it. Browser based SSL/TLS is our main focus so the extra complexity just isn't worth it yet.

It should also be noted that a number of dependencies that we rely on, such as SoftHSM, don't support secp521r1 which would prevent us from doing any local testing for that curve.

It's worth fighting for keeping long-term security encryption (P-521) in NSS! :-)
Only because Google wants to clean their code for their needs, other users shouldn't be forced to optimize everything for Chrome. ^^ We want to use long-term encryption for the browsers (only firefox) and mail clients (thunderbird) of the members of our non-profit organization.

Please consider this: https://github.com/letsencrypt/boulder/pull/1298#issuecomment-167356451
"Disabled P521 for now. You can uncomment it safely if you wish."

A long time ago, there was somebody who implemented an algorithm whitelist in boulder:

Disabled P521 for now. You can uncomment it safely if you wish. https://github.com/letsencrypt/boulder/pull/1298#issuecomment-167356451

Reopening the original Issue https://github.com/letsencrypt/boulder/issues/2143 with this.

@rolandshoemaker
won't fix for now. https://github.com/letsencrypt/boulder/issues/2143#issuecomment-243872905

  • Browser support hasn't changed

-> Solved. Mozilla wants to keep P-521, to implement new curves and to force Google to follow. Apple and Android always had P-521. You can use it on Windows Servers and you can activate it in Windows Clients (mostly already done in business enviroments).

  • NSS is considering dropping it

-> Solved. Closed as wontfix. They don't want to weaken security.

  • dependencies that we rely on, such as SoftHSM, don't support secp521r1 which would prevent us

-> Solved. SoftHSM implemented P-521 25 days ago

So it would be fine to enable P-521 for manual requests over acme to not confuse normal users of the letsencrypt client.

Was this page helpful?
0 / 5 - 0 ratings