proposed text for crypto-policies in Packaging Guidelines
Nikos Mavrogiannopoulos
nmav at redhat.com
Fri Aug 8 13:21:20 UTC 2014
On Fri, 2014-08-08 at 09:05 -0400, Eric H. Christensen wrote:
> On Fri, Aug 08, 2014 at 10:20:29AM +0200, Nikos Mavrogiannopoulos wrote:
> > Hello,
> > I plan to submit the following text for packaging guidelines regarding
> > crypto policies. Are there any comments or suggestions?
>
> I like it. I wonder what work is being done on other packages (like mod_ssl) to have them point to the system default by... umm... default. I'm sure there are others (postfix) that would similarly benefit from a default conf file update.
That is the idea. I've filed a small number of bugs (that include
mod_ssl) which currently block #1076390 [0]. The plan is to have any
issues figured out with this small set, and then file bugs for most of
the packages before F22.
Postfix is a different kind of beast though. It does not typically use
TLS, but uses some kind of opportunistic security that allows anonymous
ciphersuites. So it's a bit hard to enforce anything there, as
man-in-the-middle attacks are possible by design.
regards,
Nikos
[0]. https://bugzilla.redhat.com/show_bug.cgi?id=1076390