
issues with DHE group parameter selection (PFS is not yet a panacea)

Posted Nov 8, 2013 11:52 UTC (Fri) by Jonno (subscriber, #49613)
In reply to: issues with DHE group parameter selection (PFS is not yet a panacea) by dkg
Parent article: Let's talk about perfect forward secrecy

It seems to me that if 768 bits is the lowest size commonly used, that should be the cutoff for trusted communication, and sites using a smaller DHE group should be treated the same way as those presenting an invalid certificate (as in both cases you got something that isn't worse than plain HTTP, but not as secure as you would expect from HTTPS).

That said, I think it makes sense to require 2048-bit DHE groups for the green bar (EV Certificates), as those are supposed to be more trustworthy than regular HTTPS sites, and it has a graceful fallback (regular HTTPS with padlock icon but no green bar).
