I'm willing to change, being a maintainer of dropbear.
But I don't know whether the standard is encouraged only in the EU or USA; also, can an expert's opinion represent all requirements?
Thanks.
On Jan 3, 2014 12:53 AM, "Miloslav Trmač" <mitr@xxxxxxxx> wrote:
On Sat, Dec 21, 2013 at 9:38 AM, Till Maas <opensource@xxxxxxxxx> wrote:
> Therefore I would like to propose a packaging guideline about which
> minimum key size software in Fedora should generate by default.
Such guidelines would be very desirable. The following needs to be addressed:
* Do we have the expertise to define the requirements? We could just
follow the ENISA report or
http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf ,
but each such publication has a risk of carrying an agenda. (Note
that choosing the algorithms is just as important as choosing the key
sizes.)
* Do we have the expertise to follow the requirements? The package
maintainers would have to understand the source code to a much deeper
extent than we've typically required. (I do think such a change in
expectations would be a very good thing.)
* Can we actually get this done? Uses of MD5 and DES are probably a
bigger threat, and I'm afraid we haven't made that much progress on
eradicating them, over many years.
Mirek
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security