[erlang-questions] How safe is it to leave an open SSL port on the public internet?

Technion <>
Fri Sep 1 02:13:17 CEST 2017


Hi,


Since this is a discussion around SSL, you're choices are down to what is a part of the TLS spec. Those choices are precisely between RSA, and ECC. In the upcoming TLS1.3, RSA has been dropped.

GPG only just introduced ECC support. The highly trusted libsodium uses ECC. A well respected "best practices" guide places ECC in the recommended section:
https://gist.github.com/atoponce/07d8d4c833873be2f68c34f9afc5a78a


There are valid concerns around the future impact of quantum computing here, but it's currently the best option. It's certainly not true to say "the NSA has deprecated ECC", several current NIST standards recommend ECC moving forward. The only real debate is supporting the dubious NIST curves, or the alternate 25519 we've seen in TLS 1.3.

I wouldn't suggest for current, practical discussions there needs to be a warning against ECC.


________________________________
From:  <> on behalf of code wiget <>
Sent: Thursday, 31 August 2017 4:03 AM
To: Fred Hebert
Cc: Erlang-Questions Questions
Subject: Re: [erlang-questions] How safe is it to leave an open SSL port on the public internet?

Also, Fred, I re-read your post and wanted to either start a quick discussion/warn you about elliptic curves. According to the NSA: "the growth of elliptic curve use has bumped up against the fact of continued progress in the research on quantum computing, which has made it clear that elliptic curve cryptography is not the long term solution many once hoped it would be.”

The NSA has deprecated ECC, whether or not that means that some foreign actor has a crack or if they are that worried about quantum computing is to be seen, but for now it seems like we should be moving away from ECC.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20170901/863d0bf8/attachment.html>


More information about the erlang-questions mailing list