Re: [exim-dev] [Bug 1837] small subgroup attack

Author: Phil Pennock
Date:
To: exim-dev
Subject: Re: [exim-dev] [Bug 1837] small subgroup attack
On 2016-05-29 at 02:10 -0400, Viktor Dukhovni wrote:
> But, (broken record), do yourself a favour and just drop these groups...


We can change the default. We can add new groups.

We won't remove documented values, exposed to configuration, short of a
release where we are accepting non-backwards-compatible changes. We
particularly can't immediately remove a value which was documented as
the default.

We should "fix" the groups present even if they're no longer the
default, so that they're less dangerous.

nb: my crypto knowledge is mostly at the "dangerous" level, not skilled.
I didn't know that the addition of 'q' made DH stored values into DSA
values. This is why, for a long time, we refused to put crypto policy
into Exim and tried to just use OpenSSL defaults. We're being bitten
here because in 2012 I tried to do the safest thing possible to make DH
work for everyone, reliably.

-Phil