-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On Mon, May 05, 2014 at 06:19:01PM +0200, Nikos Mavrogiannopoulos wrote:
On Mon, 2014-05-05 at 12:16 -0400, Eric H. Christensen wrote:
> > > > 3. Users switching to some other distribution that things just work.
> > > This is being done upstream of Fedora.
> >
> > The crypto policy is about fedora, we are upstream on that.
> >
https://fedoraproject.org/wiki/Changes/CryptoPolicy
>
> Yes, and this is largely going to be a server-side change. The default policy is
none (meaning whatever the software wants to do).
Could you please elaborate on what you mean above? The default policy
will not be none after the change. This is the whole purpose of the
change.
Wow, this feature has changed since the last time I looked at it. I was under the
impression this would only be used to force compliance with security policies.
Nonetheless, I don't disagree with DEFAULT, here. Using RC4 and MD5 is just asking
for trouble. Sure, it might break some things but 1) those sites should be fixed and 2)
using RC4 and MD5 is just providing a false sense of security. A line should be drawn
somewhere. Again, it's 2014... stop making bad crypto decisions.
- -- Eric
- --------------------------------------------------
Eric "Sparks" Christensen
Red Hat, Inc - Product Security Team
sparks(a)redhat.com - sparks(a)fedoraproject.org
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
- --------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAEBCgAGBQJTZ7uTAAoJEB/kgVGp2CYviVkL/iLFw88/K/pYqkHRqTLwaOWc
7qc4VBkbnmf6jY+21XfBt+jLjR4Rk+HLav/nUonVM9ALwOha5WfNIoDaeYQzkodB
5ztXtGe/HaPHETPWfKG58Oqezfn0tUOxgJ/fJ+eGgWyfHd1FTXeZB+C8x07o2ggp
aElts8xYyRfilus+CmLp6g7zFWpMPZrkQOM5CD5K96LyMghLbpzfyfUsdfnrRrDV
onqeHGvpwAX7aUtpJu7PgMpN06rLfbhZcl78pLX2JnlpVkUBBiIexJQy6H73MhbV
PCE+vXpaBmzkwtsJ4Rre8ODwiae6n4ktPGBd+JzX5lZcV1K1M+ABwn9fx3pZhzyI
oeDCelDcs6fnu2EWVSngqrVsPTunBT5hmwqilKQgFHmeE/UokO8FJxFV77mtDyBx
oNcDGw1tti80AFycZer26EYPCwF3MMp8ClxemYWvBFehB76NT/v0908pGpcg7puu
QSLymXl10GBYRSgaR9my6ZeWmyjnMfJBMh8rAfuA6A==
=uqiV
-----END PGP SIGNATURE-----