commit e7b0dfcc21668d0aac28ecd9253c403fa978b41c
Author: Eric H Christensen <sparks(a)redhat.com>
Date: Fri Jun 27 09:31:41 2014 -0400
Added Crypto Policy feature
en-US/Encryption.xml | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
---
diff --git a/en-US/Encryption.xml b/en-US/Encryption.xml
index 9b22d0c..ad937d6 100644
--- a/en-US/Encryption.xml
+++ b/en-US/Encryption.xml
@@ -64,6 +64,12 @@ AuthorizedKeysFile .ssh/authorized_keys</screen>The first line
tells the SSH pro
<para>Similarly to passwords and any other authentication mechanism, you should
change your <application>SSH</application> keys regularly. When you do make
sure you clean out any unused key from the authorized_key file.</para>
</section>
</section>
+ <section id="Security_Guide-Encryption-CryptoPolicy">
+ <title>Crypto Policy</title>
+ <para>Beginning in Fedora 21, a system-wide crypto policy will be available for
users to quickly setup the cryptographic options for their systems. Users that must meet
certain cryptographic standards can make the policy change in
<filename>/etc/crypto-policies/config</filename>, and run
update-crypto-policies. At this point applications that are utilize the default set of
ciphers in the GnuTLS and OpenSSL libraries will follow the policy
requirements.</para>
+ <para>The available options are: (1) <literal>LEGACY</literal>, which
ensures compatibility with legacy systems - 64-bit security, (2)
<literal>DEFAULT</literal>, a reasonable default for today's standards -
80-bit security, and (3) <literal>FUTURE</literal>, a conservative level that
is believed to withstand any near-term future attacks - 128-bit security. These levels
affect SSL/TLS settings, including elliptic curve, signature hash functions, and
ciphersuites and key sizes.</para>
+ <para>Additional information on this new feature can be found on the <ulink
url="https://fedoraproject.org/wiki/Changes/CryptoPolicy">Cr...
Changes wiki page</ulink>.</para>
+ </section>
<xi:include href="DiskEncryptionUserGuide.xml"
xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include>
<xi:include href="Using_GPG.xml"
xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include>
</section>
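Review bot: The first added <para> gives a procedure the reader cannot follow as written: it names <filename>/etc/crypto-policies/config</filename> but never says what to put in that file, and update-crypto-policies appears as plain text while the file path is marked up. Suggest stating that the file is set to one of the levels listed in the following paragraph (or moving that list ahead of the procedure) and wrapping the tool name in <command>. In the same paragraph, "applications that are utilize" should read "applications that utilize", and "quickly setup" should be "quickly set up". In the second <para>, the closing list "elliptic curve, signature hash functions, and ciphersuites and key sizes" reads as broken; "elliptic curves, signature hash functions, ciphersuites, and key sizes" would be clearer.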