Re: F21 System Wide Change: System-wide crypto policy


 



On Thu, 2014-02-27 at 10:37 -0800, Andrew Lutomirski wrote:
> In that case, why not give full control:
> allowed_ciphers = AES-192, AES-256, Salsa20/12, Salsa20/20
> allowed_groups = modp >= 2048, P-256, Curve25519
> allowed_hashes = SHA-3, ...
> allowed_modes = CTR, OCB, XTS, GCM
> allowed_macs = ...

Because of two reasons:
1. A typical administrator isn't a cryptographer. Most people cannot
distinguish noise from the algorithms that you mention above.

2. That proposal has to work with very different libraries that don't
provide the same level of access to their internals. 

Thus the practical solution is to handle pre-defined common policies
rather than provide unlimited tuning for every possible purpose (that
can be done by overriding the defaults).

regards,
Nikos


-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct




