ECDHE - ephemeral is missing in long description #46

Open
rugk opened this issue Nov 8, 2015 · 4 comments

rugk commented Nov 8, 2015

[Screenshot: ecdhe]

As you can see, it uses ECDHE for the key exchange. In the long part you describe it as "Elliptic curve Diffie–Hellman". However, ECDHE is actually the ephemeral version of it.
It's very important to distinguish them as they are both (ECDH and ECDHE) possible and only the ephemeral version provides Forward Secrecy.

Sources:

@rugk rugk changed the title ECDHE - ephemeral is missing ECDHE - ephemeral is missing in long description Nov 8, 2015
@Der-Orden
Contributor

Not just in ECDHE, in DHE too.
And yes, I failed something with the link to the pull request ;)

@rugk
Author

rugk commented Nov 9, 2015

Just copy & paste the URL.
Fixed by #47

@rugk rugk mentioned this issue Nov 9, 2015
@sibiantony
Owner

Indeed, it is the ephemeral keys that guarantee the PFS score.
It was simply not displayed for many reasons. Firefox stopped supporting all "ecdh" and "dh" key exchange some time ago. So if the key exchange is Diffie-Hellman it is based on ephemeral keys. If you look at the list of supported ciphersuites it's only dhe, ecdhe or rsa for key exchange.

Adding text 'ephemeral' makes the key exchange line lengthy without word wrapping around panel width - but that's not much of an argument, and I would as well prefer to show as much detail as possible.

That said, if you've a better place where to display 'ephemeral' (after Perfect Forward Secrecy etc), do share it. Or else, I'll just merge the above PR, which is the easiest way to go.

@rugk
Author

rugk commented Nov 9, 2015

> Firefox stopped supporting all "ecdh" and "dh" key exchange some time ago. [...] If you look at the list of supported ciphersuites it's only dhe, ecdhe or rsa for key exchange.

You're right. Interesting...

> but that's not much of an argument, and I would as well prefer to show as much detail as possible.

Yes, especially as it could confuse/mislead users if they search for it and find different results than they expected.

> That said, If you've a better place where to display 'ephemeral' (after Perfect Forward Secrecy etc), do share it.

No, not really. Maybe a way with tooltips or so (which would have to be applied for everything there, so a major UI redesign would be needed), but practically: No.
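
The distinction discussed in this thread, as an added example that is not part of the thread and not the extension's own code: deriving the key exchange description and a forward secrecy flag from an IANA-style cipher suite name, so that ECDH and ECDHE (and DH and DHE) are never shown under the same label. The function name, the label wording and the sample suite list are assumptions of this sketch; it also covers names that carry no key exchange token and anonymous suites, which the thread does not discuss.

```javascript
// Added example; the labels are this sketch's wording, not the extension's text.
// IANA-style names look like TLS_<kx>[_<auth>]_WITH_<cipher>_<mac>.
const KEY_EXCHANGES = new Map([
  ["ECDHE", { label: "Elliptic curve Diffie-Hellman, ephemeral", forwardSecrecy: true }],
  ["DHE", { label: "Diffie-Hellman, ephemeral", forwardSecrecy: true }],
  ["ECDH", { label: "Elliptic curve Diffie-Hellman, static", forwardSecrecy: false }],
  ["DH", { label: "Diffie-Hellman, static", forwardSecrecy: false }],
  ["RSA", { label: "RSA key transport", forwardSecrecy: false }],
]);

function describeKeyExchange(suiteName) {
  const name = String(suiteName).trim().toUpperCase();
  const m = /^(?:TLS|SSL)_(.+?)_WITH_/.exec(name);
  if (!m) {
    // Names without _WITH_ (for example TLS_AES_128_GCM_SHA256) do not
    // encode the key exchange, so nothing can be claimed from the name alone.
    return { token: null, label: "not encoded in the suite name", forwardSecrecy: null };
  }
  const parts = m[1].split("_");
  const token = parts[0];
  if (parts.includes("ANON")) {
    // Anonymous suites are unauthenticated; do not score them from the token.
    return { token, label: "anonymous (unauthenticated) key exchange", forwardSecrecy: null };
  }
  const known = KEY_EXCHANGES.get(token);
  if (!known) {
    return { token, label: "unrecognized key exchange", forwardSecrecy: null };
  }
  return { token, label: known.label, forwardSecrecy: known.forwardSecrecy };
}

// Constructed sample input, not taken from the thread.
const SAMPLE_SUITES = [
  "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
  "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
  "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
  "TLS_RSA_WITH_AES_128_CBC_SHA",
  "TLS_DH_anon_WITH_AES_128_CBC_SHA",
  "TLS_AES_128_GCM_SHA256",
];

function summarize(suites) {
  return suites.map((suite) => ({ suite, ...describeKeyExchange(suite) }));
}

for (const row of summarize(SAMPLE_SUITES)) {
  console.log(`${row.suite}: ${row.label} (forward secrecy: ${row.forwardSecrecy})`);
}
```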
