-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On Wed, Jun 04, 2014 at 03:15:33PM +0200, Nikos Mavrogiannopoulos wrote:
On Wed, 2014-06-04 at 09:05 -0400, Simo Sorce wrote:
> > > According to
> > >
http://www.keylength.com/en/compare/
> > > the asymetric sizes do not match the symmetric size according to most
> > > sources listed on
http://www.keylength.com/en/compare/.
> >
> > That's old version. New one
(
https://fedoraproject.org/wiki/Changes/CryptoPolicy)
> > is:
> > Legacy: 767+
> > default: 1023+
> shouldn't this be 2047+ ?
If we do that then the applications that use these settings will be
unable to talk to any servers that offer 1024 keys. Given the number of
these servers that would be a good reason for applications not switching
to this centrally managed configuration system. That is we'd have these
settings as in a museum and no-one will be using them.
Who still uses 1024-bit keys? You aren't finding a CA to sign them.
- -- Eric
- --------------------------------------------------
Eric "Sparks" Christensen
Red Hat, Inc - Product Security Team
sparks(a)redhat.com - sparks(a)fedoraproject.org
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
- --------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAEBCgAGBQJTkIGEAAoJEB/kgVGp2CYvV6AMAICeOlw6kmcmns2J6f/BY5L8
sAeABmltb7ntk7kfyxsqonDDyI5ummfQGzDi9Z1T0OXr1WbFPSunsbwA6gRVpPmV
HOFgoVjdUxPzsQ4Gun1NxYCrTvIEtt9uY+CtvU/OuOHU4OHDxcivVtTkB2kpF2V9
lNwMFX9Gf8221lzG+4jCXP1lfUFKm/azJqqtMdzfl3edSQv60zTh4LsvpdIpgcZY
3T8nD9hEcFwKXzYKkGhMqT/O2YqDG/IxfYn/vF/Hnhg/god+XuoboMWP+q4nI5u4
d/W7PF9r9+oJFGzABKYZhC9d1IqblJuNknHKvXBDhl9boCGN3mlYQP+4tGjzJC58
rcYxi25YYDVSyO2eSF4DnioItalA1CtoJ2tCUF1Z7HouPlH18hr6xHOyZxmeo5sB
DcfgwbXw7eQtE7KA2xqJrOURo3lk76oz+QKCK10H5OCgWeIhDMuKyWBfct85nDK5
kIe2bN0izwNBmx1LhHRmQUW2oz8ZJW2wJTp0h+aLcg==
=hCIj
-----END PGP SIGNATURE-----