-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Wed, Jun 04, 2014 at 03:15:33PM +0200, Nikos Mavrogiannopoulos wrote: > On Wed, 2014-06-04 at 09:05 -0400, Simo Sorce wrote: > > > > According to > > > > http://www.keylength.com/en/compare/ > > > > the asymetric sizes do not match the symmetric size according to most > > > > sources listed on http://www.keylength.com/en/compare/. > > > > > > That's old version. New one (https://fedoraproject.org/wiki/Changes/CryptoPolicy) > > > is: > > > Legacy: 767+ > > > default: 1023+ > > shouldn't this be 2047+ ? > > If we do that then the applications that use these settings will be > unable to talk to any servers that offer 1024 keys. Given the number of > these servers that would be a good reason for applications not switching > to this centrally managed configuration system. That is we'd have these > settings as in a museum and no-one will be using them. Who still uses 1024-bit keys? You aren't finding a CA to sign them. - -- Eric - -------------------------------------------------- Eric "Sparks" Christensen Red Hat, Inc - Product Security Team sparks@xxxxxxxxxx - sparks@xxxxxxxxxxxxxxxxx 097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1 - -------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQGcBAEBCgAGBQJTkIGEAAoJEB/kgVGp2CYvV6AMAICeOlw6kmcmns2J6f/BY5L8 sAeABmltb7ntk7kfyxsqonDDyI5ummfQGzDi9Z1T0OXr1WbFPSunsbwA6gRVpPmV HOFgoVjdUxPzsQ4Gun1NxYCrTvIEtt9uY+CtvU/OuOHU4OHDxcivVtTkB2kpF2V9 lNwMFX9Gf8221lzG+4jCXP1lfUFKm/azJqqtMdzfl3edSQv60zTh4LsvpdIpgcZY 3T8nD9hEcFwKXzYKkGhMqT/O2YqDG/IxfYn/vF/Hnhg/god+XuoboMWP+q4nI5u4 d/W7PF9r9+oJFGzABKYZhC9d1IqblJuNknHKvXBDhl9boCGN3mlYQP+4tGjzJC58 rcYxi25YYDVSyO2eSF4DnioItalA1CtoJ2tCUF1Z7HouPlH18hr6xHOyZxmeo5sB DcfgwbXw7eQtE7KA2xqJrOURo3lk76oz+QKCK10H5OCgWeIhDMuKyWBfct85nDK5 kIe2bN0izwNBmx1LhHRmQUW2oz8ZJW2wJTp0h+aLcg== =hCIj -----END PGP SIGNATURE----- -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
