Re: F21 System Wide Change: System-wide crypto policy

On Feb 27, 2014 8:25 AM, "Jaroslav Reznik" <jreznik@xxxxxxxxxx> wrote:
>
> = Proposed System Wide Change: System-wide crypto policy =
> https://fedoraproject.org/wiki/Changes/CryptoPolicy

> == Detailed Description ==
> The idea is to have some predefined security levels such as LEVEL-80,
> LEVEL-128, LEVEL-256, or ENISA-LEGACY, ENISA-FUTURE, SUITEB-128, SUITEB-256.
> These will be the security levels that the administrator of the system will
> be able to configure by modifying
> /usr/lib/crypto-profiles/config
> /etc/crypto-profiles/config
>
> and being applied after executing update-crypto-profiles.
> (Note: it would be better to have a daemon that watches those files and
> runs update-crypto-profiles automatically)
>
> After that the administrator should be assured that any application
> that uses the system settings will follow a policy that adheres to
> the configured profile.
>
> Ideally setting a profile should be setting:
> * the acceptable TLS/SSL (and DTLS) versions
> * the acceptable ciphersuites and the preferred order
> * acceptable parameters in certificates and key exchange, i.e.:
> ** the minimum acceptable size of parameters (DH,ECDH,RSA,DSA,ECDSA)
> ** the acceptable elliptic curves (ECDH,ECDSA)
> ** the acceptable signature hash functions
> * other TLS options such as:
> ** safe renegotiation
>

Does this configuration limit the algorithms that are available or only the options that can be given to those algorithms or only the default values of those algorithms?

-Toshio

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
