-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/05/2014 08:41 AM, Eric H. Christensen wrote:
On Wed, Jun 04, 2014 at 03:15:33PM +0200, Nikos Mavrogiannopoulos
wrote:
> On Wed, 2014-06-04 at 09:05 -0400, Simo Sorce wrote:
>>>> According to
http://www.keylength.com/en/compare/ the
>>>> asymetric sizes do not match the symmetric size according
>>>> to most sources listed on
>>>>
http://www.keylength.com/en/compare/.
>>>
>>> That's old version. New one
>>> (
https://fedoraproject.org/wiki/Changes/CryptoPolicy) is:
>>> Legacy: 767+ default: 1023+
>> shouldn't this be 2047+ ?
> If we do that then the applications that use these settings will
> be unable to talk to any servers that offer 1024 keys. Given the
> number of these servers that would be a good reason for
> applications not switching to this centrally managed
> configuration system. That is we'd have these settings as in a
> museum and no-one will be using them.
Who still uses 1024-bit keys? You aren't finding a CA to sign
them.
-- Eric
Some legacy hardware, stuff with brain dead interfaces that doesn't
give an option to create longer keys. I can't name anything off hand
(it's been years since I saw anything like this) but I have to assume
they're still out there in production.
- --
Kurt Seifried - Red Hat - Product Security - Cloud stuff and such
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJTkJaTAAoJEBYNRVNeJnmTQt4QAIyGaEcaD6ynSwMbeVOe4fit
foxQVG0ddKVTUuwUPWEGbcPe3HEUMPEhJ8iduLoJay4FBzesouUEdHxL1FQZ1zT2
wBGjDx6RTWnUSeYsWRgRW4LzS6zhNZp5690z0P7qQ0JznO9prlqn1lyohHm41tWV
gtf0xNjKyQsPMGYlzLPvrEpuOicdnPEkLxLawB8XNr5kwPxycK8CeTRlphNlmk+x
UNDzrPkoE4yIhyt+8ls44AW7NfKH+EWvkcX7P353xsrQ5YMHVm/lOrx7aZbJgLXe
Sl8ZkW437nhqaswm4wVMlLIto3ene4VR5RVLIhYs8nSzRWSNydST1TsDVSFj3M+1
X1oCxzEfGOXckCrxzktkLupulzn08//bdWp5GFRSR331EGwoB1k0FqxjxXy25FPD
8+4iK8mk1fyyHnHg6qT9WMoUcJ9IsWkbtl1A7isQ/cqtaV/cDG9/AbFiHY/CgCFd
VqXhOD6/f8lBgh4CspWdQsDnvSDmoOEdDre20Y/mjsbriFNC3Zy0jPri1bN/aeOj
9e0AipkYkcQGpZ+SeYXmUxk+wjocIeTtaPzk8htDZsm1YsJE3w5lxzsGj/Y2Srg5
YBzfIkhgu3kLPInPd/tx4cofZv7LaXAYZ2RXN6OetZvqX/xXVkaK9JO+ef4JCC8C
Hk5znS1T0S/gCjntPo7E
=mMlN
-----END PGP SIGNATURE-----