[securityguide] Added Crypto Policy feature

Eric Christensen sparks at fedoraproject.org
Fri Jun 27 13:31:50 UTC 2014


commit e7b0dfcc21668d0aac28ecd9253c403fa978b41c
Author: Eric H Christensen <sparks at redhat.com>
Date:   Fri Jun 27 09:31:41 2014 -0400

    Added Crypto Policy feature

 en-US/Encryption.xml |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)
---
diff --git a/en-US/Encryption.xml b/en-US/Encryption.xml
index 9b22d0c..ad937d6 100644
--- a/en-US/Encryption.xml
+++ b/en-US/Encryption.xml
@@ -64,6 +64,12 @@ AuthorizedKeysFile	.ssh/authorized_keys</screen>The first line tells the SSH pro
 		<para>Similarly to passwords and any other authentication mechanism, you should change your <application>SSH</application> keys regularly.  When you do make sure you clean out any unused key from the authorized_key file.</para>
 	</section>
   </section>
+  <section id="Security_Guide-Encryption-CryptoPolicy">
+	<title>Crypto Policy</title>
+	<para>Beginning in Fedora 21, a system-wide crypto policy will be available for users to quickly setup the cryptographic options for their systems. Users that must meet certain cryptographic standards can make the policy change in <filename>/etc/crypto-policies/config</filename>, and run update-crypto-policies. At this point applications that are utilize the default set of ciphers in the GnuTLS and OpenSSL libraries will follow the policy requirements.</para>
+	<para>The available options are: (1) <literal>LEGACY</literal>, which ensures compatibility with legacy systems - 64-bit security, (2) <literal>DEFAULT</literal>, a reasonable default for today's standards - 80-bit security, and (3) <literal>FUTURE</literal>, a conservative level that is believed to withstand any near-term future attacks - 128-bit security. These levels affect SSL/TLS settings, including elliptic curve, signature hash functions, and ciphersuites and key sizes.</para>
+	<para>Additional information on this new feature can be found on the <ulink url="https://fedoraproject.org/wiki/Changes/CryptoPolicy">CryptoPolicy Changes wiki page</ulink>.</para>
+  </section>
   <xi:include href="DiskEncryptionUserGuide.xml" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include>
   <xi:include href="Using_GPG.xml" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include>
  </section>
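Review bot: The first added <para> has wording problems that should be fixed before this lands: "applications that are utilize the default set of ciphers" is ungrammatical (use "applications that utilize" or "that use"), and "quickly setup" should be the verb form "set up". In the same paragraph, update-crypto-policies is left as bare text while the path beside it is wrapped in <filename>; marking it up as <command>update-crypto-policies</command> would be consistent. The paragraph also tells the reader to "make the policy change" in /etc/crypto-policies/config without saying what to write there; one sentence stating that the file holds one of the level names from the next paragraph would connect the two. In the second <para>, the closing list "elliptic curve, signature hash functions, and ciphersuites and key sizes" reads awkwardly with its doubled "and"; consider "elliptic curves, signature hash functions, ciphersuites, and key sizes".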

