Re: Crypto guidelines for Fedora

On Sun, 2014-03-30 at 14:43 +0200, Pavel Kankovsky wrote:
> On Sat, 21 Dec 2013, Till Maas wrote:
> 
> > ENISA recommends to at least RSA 3072 keys: [...]
> > If e.g. AES-256 is used. RSA 15360 is recommended for long-term usage.
> >
> > Therefore I would like to propose a packaging guideline about which
> > minimum key size software in Fedora should generate by default. It seems
> > to me that requiring RSA 3072 key by default in Fedora is a good initial
> > compromise. [...]
> 
> I know I am very late but let me add a comment: according to ENISA,
> "near-term" means "at least 10 years" and "long-term" means "30 to 50
> years". (*)
> 
> I do not think a particular SSH, TLS or similar key--at least unless it is
> stored in a HSM (**)--should be used for 10 or more years, therefore it is
> somewhat questionable how and to what extent ENISA recommendations are
> relevant.

I don't understand what you mean by using SSH and TLS for 10 or more
years, but we have an expectation of secrecy of data for 10 or more
years. When you do a TLS or SSH session you don't expect that your
transferred data will be leaked within a few months or a year later.

regards,
Nikos


--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security




