System-wide crypto policy transition tracker

Nikos Mavrogiannopoulos nmav at redhat.com
Wed Jan 7 09:14:05 UTC 2015


On Wed, 2015-01-07 at 09:18 +0100, Petr Spacek wrote:

> > Currently it contains bugs filed against openssl and gnutls
> > applications in Fedora. If you use some application which utilizes
> > SSL/TLS and isn't included in the tracker, feel free to request it use
> > the policy, and include a link to the bug report in the tracker.
> > 
> > The tracker also contains a dependency on NSS respecting the system
> > crypto policy: https://bugzilla.redhat.com/show_bug.cgi?id=1157720
> 
> I wonder what is your plan moving forward. Is it going to be 'TLS policy'? Or
> are you planning to generalize it in future?

The greater plan was to apply to all crypto protocol apps. That depends
of course on turning various non-compatible knobs on different software.
My plan is to extend the policies step by step, but if you or anyone
else would feel like extending it now to an application or protocol
he/she uses, feel free. I've put a tracker page at:
https://fedoraproject.org/wiki/User:Nmav/FedoraCryptoPolicies

> E.g. DNSSEC-related software can also be configured with an algorithm list
> and key sizes. I guess that the same applies to GnuPG.

The difficult part as I see it now is having each application/library
involved get its settings from a preconfigured file that is
automatically generated. If that is straightforward then only a
translation from existing three policies (LEGACY, DEFAULT, FUTURE), to
the application's format is needed.

regards,
Nikos
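The translation step described in the message above (one central policy definition, rendered into each library's own format) as an added example; this is not code from the crypto-policies project or from anyone on this thread. The three policy tables are constructed for illustration and do not reproduce Fedora's real LEGACY/DEFAULT/FUTURE contents; the keyword tables and the key-size-to-%PROFILE mapping are assumptions about GnuTLS priority-string and OpenSSL cipher-string syntax, and the dict keys CipherString/MinProtocol are names chosen here to mirror OpenSSL's SSL_CONF commands.

```python
"""Translate abstract policy levels into per-library configuration.

Added example, not code from the crypto-policies project or from the
people on this thread. The three policies below are constructed for
illustration and do not reproduce Fedora's real LEGACY/DEFAULT/FUTURE
definitions; the keyword tables and the key-size-to-profile mapping are
likewise assumptions about each library's syntax, written from the GnuTLS
priority-string and OpenSSL cipher-string formats.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    protocols: tuple   # TLS versions allowed, strongest first
    kx: tuple          # key exchange families allowed
    ciphers: tuple     # bulk ciphers, preferred first
    macs: tuple        # MAC / PRF hashes allowed for non-AEAD suites
    min_rsa_bits: int  # smallest RSA modulus the policy accepts


# Constructed policy contents (assumption: not the real Fedora definitions).
POLICIES = {
    "LEGACY": Policy(("TLS1.2", "TLS1.1", "TLS1.0"), ("ECDHE", "DHE", "RSA"),
                     ("AES-256-GCM", "AES-128-GCM", "AES-256-CBC", "AES-128-CBC", "3DES-CBC"),
                     ("SHA256", "SHA1"), 1024),
    "DEFAULT": Policy(("TLS1.2", "TLS1.1", "TLS1.0"), ("ECDHE", "DHE", "RSA"),
                      ("AES-256-GCM", "AES-128-GCM", "AES-256-CBC", "AES-128-CBC"),
                      ("SHA256", "SHA1"), 2048),
    "FUTURE": Policy(("TLS1.2",), ("ECDHE", "DHE"),
                     ("AES-256-GCM", "AES-128-GCM"), ("SHA256",), 3072),
}

# Assumed keyword tables: how each library spells the abstract names above.
GNUTLS_PROFILE = {1024: "%PROFILE_LOW", 2048: "%PROFILE_MEDIUM", 3072: "%PROFILE_HIGH"}
OPENSSL_KX = {"ECDHE": "ECDHE", "DHE": "DHE", "RSA": "kRSA"}
OPENSSL_CIPHER = {"AES-256-GCM": "AES256+AESGCM", "AES-128-GCM": "AES128+AESGCM",
                  "AES-256-CBC": "AES256", "AES-128-CBC": "AES128", "3DES-CBC": "3DES"}
OPENSSL_PROTO = {"TLS1.0": "TLSv1", "TLS1.1": "TLSv1.1", "TLS1.2": "TLSv1.2"}


def gnutls_priority(name):
    """Render a policy as a GnuTLS priority string built up from NONE."""
    p = POLICIES[name]
    parts = ["NONE"]
    parts += [f"+VERS-{v}" for v in p.protocols]
    parts += [f"+{c}" for c in p.ciphers]           # GnuTLS cipher names match ours
    parts += [f"+{m}" for m in p.macs]
    if any(c.endswith("-GCM") for c in p.ciphers):
        parts.append("+AEAD")                        # GCM suites carry no separate MAC
    parts += ["+RSA" if k == "RSA" else f"+{k}-RSA" for k in p.kx]
    parts += [f"+SIGN-RSA-{m}" for m in p.macs]     # signature algorithms follow the hash list
    parts += ["+COMP-NULL", "+CURVE-ALL", GNUTLS_PROFILE[p.min_rsa_bits]]
    return ":".join(parts)


def openssl_config(name):
    """Render a policy as OpenSSL settings: a cipher string plus a protocol floor.

    The cipher string lists allowed suites positively (key exchange AND cipher
    aliases joined with '+') and then excludes known-bad classes explicitly.
    """
    p = POLICIES[name]
    suites = [f"{OPENSSL_KX[k]}+{OPENSSL_CIPHER[c]}" for c in p.ciphers for k in p.kx]
    excludes = ["!aNULL", "!eNULL", "!EXPORT", "!RC4", "!MD5"]
    if "SHA1" not in p.macs:
        excludes.append("!SHA1")
    return {"CipherString": ":".join(suites + excludes),
            "MinProtocol": OPENSSL_PROTO[p.protocols[-1]]}


def key_allowed(name, rsa_bits):
    """Does a certificate or DH key of this size satisfy the policy's floor?"""
    return rsa_bits >= POLICIES[name].min_rsa_bits


def is_stricter(a, b):
    """Check that policy a only removes options relative to policy b.

    A regression check when editing the table: FUTURE must never re-enable
    something DEFAULT forbids, and DEFAULT the same relative to LEGACY.
    """
    pa, pb = POLICIES[a], POLICIES[b]
    return (set(pa.protocols) <= set(pb.protocols) and set(pa.kx) <= set(pb.kx)
            and set(pa.ciphers) <= set(pb.ciphers) and set(pa.macs) <= set(pb.macs)
            and pa.min_rsa_bits >= pb.min_rsa_bits)


if __name__ == "__main__":
    for level in POLICIES:
        print(level)
        print("  gnutls :", gnutls_priority(level))
        print("  openssl:", openssl_config(level))
```

The point of keeping the policy as structured data rather than as ready-made strings is that the per-library renderers become the only place that knows each library's syntax, and a check like is_stricter can be run over the abstract table before anything is written to disk.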
