----- Original Message -----
> From: "Simo Sorce" <simo@xxxxxxxxxx>
> To: "Hubert Kario" <hkario@xxxxxxxxxx>
> Cc: "Till Maas" <opensource@xxxxxxxxx>, security@xxxxxxxxxxxxxxxxxxxxxxx
> Sent: Wednesday, June 4, 2014 3:05:03 PM
> Subject: Re: available crypto policies
>
> On Wed, 2014-06-04 at 08:47 -0400, Hubert Kario wrote:
> > ----- Original Message -----
> > > From: "Till Maas" <opensource@xxxxxxxxx>
> > > To: security@xxxxxxxxxxxxxxxxxxxxxxx
> > > Sent: Wednesday, June 4, 2014 9:46:13 AM
> > > Subject: Re: available crypto policies
> >
> > That's old version. New one
> > (https://fedoraproject.org/wiki/Changes/CryptoPolicy)
> > is:
> > Legacy: 767+
> > default: 1023+
>
> shouldn't this be 2047+ ?

No, approx. more than 0.5% of Internet servers still use 1024 bit certificates,
we also still trust 1024 bit CA roots.

It also matches accepting SHA-1 signatures in certificates.

--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Email: hkario@xxxxxxxxxx
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic

--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security