ConsumerDataStandardsAustralia / infosec

Work space for the consumer data right information security profile development in Australia
MIT License

Allowed TLS Ciphers for B2B Transactions #1

Closed lukepopp closed 5 years ago

lukepopp commented 5 years ago

Under FAPI-RW, the following Ciphers are permitted:

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Issues:

Does the FAPI list require restricting?

NationalAustraliaBank commented 5 years ago

NAB is aligned with FAPI and we are supportive of the BCP195 standards (https://tools.ietf.org/html/bcp195). However, we support the adoption of the recommended mitigating control for Diffie-Hellman ciphers by increasing the default key length in use (i.e. >2048 bits). This recommendation should be made mandatory to mitigate the perceived weakness of the cipher. The use of PFS should also be considered.

jogu commented 5 years ago

FAPI part 1 ID 2 states:

The recommendations for Secure Use of Transport Layer Security in [BCP195] shall be followed

This upgrades any recommendations in BCP195 to mandatory.

https://tools.ietf.org/html/bcp195#section-4.3 states:

With a key exchange based on modular exponential (MODP) Diffie-Hellman groups ("DHE" cipher suites), DH key lengths of at least 2048 bits are RECOMMENDED.

So I believe >= 2048 bits DHE keys are already required by the existing specifications and no changes are needed.

@NationalAustraliaBank can you clarify why you believe PFS is currently not required? I cannot currently see a way that a compliant implementation would not have forward secrecy.
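The two points raised in this thread (the FAPI-RW allow list from the opening post, and the BCP195 requirement of at least 2048-bit DHE parameters plus the forward-secrecy question in the reply above) can be checked mechanically against a server's TLS configuration. The following is an added example written for this page; it is not code from the Consumer Data Standards project or from any commenter. It takes IANA cipher suite names and a DH parameter size as plain Python data (the `audit` function, the `dhe_param_bits` key and the sample server configurations are all constructed for the example, not taken from any real deployment).

```python
"""Audit a TLS server's cipher configuration against the FAPI-RW allow list
and the BCP195 section 4.3 guidance on DHE key length.

Suite names are IANA names (TLS 1.2 style, e.g. TLS_ECDHE_RSA_WITH_...).
All sample inputs below are constructed for this example.
"""

# The four suites permitted by FAPI-RW, as listed at the top of this issue.
FAPI_RW_ALLOWED = frozenset({
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
})

# BCP195 section 4.3: MODP DHE groups of at least 2048 bits.
MIN_DHE_BITS = 2048


def key_exchange(suite):
    """Return the key-exchange part of an IANA TLS 1.2 suite name,
    e.g. 'ECDHE_RSA' for TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256."""
    if not suite.startswith("TLS_") or "_WITH_" not in suite:
        raise ValueError(f"not a TLS 1.2 IANA suite name: {suite}")
    return suite[len("TLS_"):suite.index("_WITH_")]


def provides_forward_secrecy(suite):
    """True when the suite uses an ephemeral (EC)DH exchange, so recorded
    sessions cannot be decrypted later with the server's long-term key."""
    return key_exchange(suite).startswith(("DHE_", "ECDHE_"))


def fapi_list_all_forward_secret():
    """Every FAPI-RW suite is DHE or ECDHE, which is why a compliant
    implementation cannot lack forward secrecy."""
    return all(provides_forward_secrecy(s) for s in FAPI_RW_ALLOWED)


def audit(config):
    """config is a dict (hypothetical shape for this example):
         {'cipher_suites': [IANA names], 'dhe_param_bits': int or None}
    Returns a list of findings; an empty list means the checks pass."""
    findings = []
    suites = config["cipher_suites"]
    for s in suites:
        if s not in FAPI_RW_ALLOWED:
            findings.append(f"{s}: not in the FAPI-RW allow list")
        elif not provides_forward_secrecy(s):
            findings.append(f"{s}: no forward secrecy")  # unreachable for the FAPI list

    # The DH parameter size only matters if a MODP DHE suite is actually offered.
    uses_dhe = any(key_exchange(s).startswith("DHE_")
                   for s in suites if s in FAPI_RW_ALLOWED)
    if uses_dhe:
        bits = config.get("dhe_param_bits")
        if bits is None:
            findings.append("DHE suites enabled but DH parameter size is unknown")
        elif bits < MIN_DHE_BITS:
            findings.append(
                f"DHE parameters are {bits} bits; BCP195 requires at least {MIN_DHE_BITS}")
    return findings


# Constructed sample configurations.
GOOD_SERVER = {
    "cipher_suites": ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                      "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"],
    "dhe_param_bits": 2048,
}
ECDHE_ONLY_SERVER = {
    "cipher_suites": ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"],
    "dhe_param_bits": None,  # irrelevant: no MODP DHE suite offered
}
WEAK_SERVER = {
    "cipher_suites": ["TLS_RSA_WITH_AES_128_CBC_SHA",   # static RSA, outside the list
                      "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"],
    "dhe_param_bits": 1024,                             # below the BCP195 floor
}

if __name__ == "__main__":
    for name, cfg in [("good", GOOD_SERVER), ("ecdhe-only", ECDHE_ONLY_SERVER),
                      ("weak", WEAK_SERVER)]:
        print(name, audit(cfg) or "OK")
```

The `fapi_list_all_forward_secret` check makes the point from the reply above explicit: because every permitted suite begins with `DHE_` or `ECDHE_`, forward secrecy follows from the allow list itself, and the only extra parameter an operator still has to verify is the size of the MODP group used for the `DHE_` suites.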

JamesMBligh commented 5 years ago

Has this question been sufficiently addressed? If it has I will close. If there are specific issues to be addressed in the standard then please indicate a suggested change and I will leave the thread open.

-JB-