Feds put heat on Web firms for master encryption keys
grarpamp
grarpamp at gmail.com
Fri Jul 26 13:52:02 PDT 2013
> inconsistent (client and server) software support
This is taken care of by preferences. Set the highest you
are able to support and keep pushing it higher. Clients do
the same. It's negotiable preferences, no flag days, everyone
wins.
> At a guess, I'd say a mix of laziness,
> and worries about additional CPU overhead.
These are more common.
> I had to pull Apache 2.4 out of Sid
Unfortunately port/package repos can be a bit behind
state of the art. Locally... untar ; ./configure ; make
is not that hard to learn.
> corporate policy
If only as to doing mandated things like TLS termination and DPI.
> Turning off non-FS algos breaks SSL for a *lot* of people.
Set preferences, not hard cutoffs.
> So the many servers where OpenSSL isn't getting upgraded any
> time soon can't do it either.
I've only found compiling new software on old systems to be
a problem like this. ie: 1.0.1 won't compile on them. I grant that
it can be hard to migrate off old platforms.
> submit bugs against the web server packages from the usual
> suspects (debian et al) asking them to turn on forward secrecy
> by default?
Legitimately squeaky wheels get greased first.
More information about the cypherpunks
mailing list