On Fri, 2014-08-08 at 10:34 +0100, Tristan Santore wrote: > What about GNUPG ? > And what will that default be set to ? Nothing. It is outside the scope for now. The idea is to extend to all applications we can though, but currently, unless someone contributes an enhancement, it is restricted to TLS/SSL and openssl/gnutls. > Because certain ciphers that NIST > seems to think are OK, are not OK, as we found out. Which ciphers are those? Most probably you are referring to the EC-dual DRBG random generator. I don't believe we ever had that. It was a bad choice for both technical and security reasons. > And who decides > which cyphers are good in that context ? > Are we following bettercrypto.org's paper ? We do, by following many recommendations. Not only NIST's, and not only bettercrypto's. regards, Nikos -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
