proposed text for crypto-policies in Packaging Guidelines
Nikos Mavrogiannopoulos
nmav at redhat.com
Fri Aug 8 09:55:42 UTC 2014
On Fri, 2014-08-08 at 10:34 +0100, Tristan Santore wrote:
> What about GNUPG ?
> And what will that default be set to ?
Nothing. It is outside the scope for now. The idea is to extend to all
applications we can though, but currently, unless someone contributes an
enhancement, it is restricted to TLS/SSL and openssl/gnutls.
> Because certain ciphers that NIST
> seems to think are OK, are not OK, as we found out.
Which ciphers are those? Most probably you are referring to the EC-dual
DRBG random generator. I don't believe we ever had that. It was a bad
choice for both technical and security reasons.
> And who decides
> which cyphers are good in that context ?
> Are we following bettercrypto.org's paper ?
We do, by following many recommendations. Not only NIST's, and not only
bettercrypto's.
regards,
Nikos
More information about the security
mailing list