-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/05/2014 08:41 AM, Eric H. Christensen wrote: > On Wed, Jun 04, 2014 at 03:15:33PM +0200, Nikos Mavrogiannopoulos > wrote: >> On Wed, 2014-06-04 at 09:05 -0400, Simo Sorce wrote: >>>>> According to http://www.keylength.com/en/compare/ the >>>>> asymetric sizes do not match the symmetric size according >>>>> to most sources listed on >>>>> http://www.keylength.com/en/compare/. >>>> >>>> That's old version. New one >>>> (https://fedoraproject.org/wiki/Changes/CryptoPolicy) is: >>>> Legacy: 767+ default: 1023+ >>> shouldn't this be 2047+ ? > >> If we do that then the applications that use these settings will >> be unable to talk to any servers that offer 1024 keys. Given the >> number of these servers that would be a good reason for >> applications not switching to this centrally managed >> configuration system. That is we'd have these settings as in a >> museum and no-one will be using them. > > Who still uses 1024-bit keys? You aren't finding a CA to sign > them. > > -- Eric Some legacy hardware, stuff with brain dead interfaces that doesn't give an option to create longer keys. I can't name anything off hand (it's been years since I saw anything like this) but I have to assume they're still out there in production. - -- Kurt Seifried - Red Hat - Product Security - Cloud stuff and such PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJTkJaTAAoJEBYNRVNeJnmTQt4QAIyGaEcaD6ynSwMbeVOe4fit foxQVG0ddKVTUuwUPWEGbcPe3HEUMPEhJ8iduLoJay4FBzesouUEdHxL1FQZ1zT2 wBGjDx6RTWnUSeYsWRgRW4LzS6zhNZp5690z0P7qQ0JznO9prlqn1lyohHm41tWV gtf0xNjKyQsPMGYlzLPvrEpuOicdnPEkLxLawB8XNr5kwPxycK8CeTRlphNlmk+x UNDzrPkoE4yIhyt+8ls44AW7NfKH+EWvkcX7P353xsrQ5YMHVm/lOrx7aZbJgLXe Sl8ZkW437nhqaswm4wVMlLIto3ene4VR5RVLIhYs8nSzRWSNydST1TsDVSFj3M+1 X1oCxzEfGOXckCrxzktkLupulzn08//bdWp5GFRSR331EGwoB1k0FqxjxXy25FPD 8+4iK8mk1fyyHnHg6qT9WMoUcJ9IsWkbtl1A7isQ/cqtaV/cDG9/AbFiHY/CgCFd VqXhOD6/f8lBgh4CspWdQsDnvSDmoOEdDre20Y/mjsbriFNC3Zy0jPri1bN/aeOj 9e0AipkYkcQGpZ+SeYXmUxk+wjocIeTtaPzk8htDZsm1YsJE3w5lxzsGj/Y2Srg5 YBzfIkhgu3kLPInPd/tx4cofZv7LaXAYZ2RXN6OetZvqX/xXVkaK9JO+ef4JCC8C Hk5znS1T0S/gCjntPo7E =mMlN -----END PGP SIGNATURE----- -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
