On 6.1.2015 16:20, Nikos Mavrogiannopoulos wrote:
> Hello,
> I've created a transition tracker to system-wide crypto policy at:
> https://bugzilla.redhat.com/show_bug.cgi?id=1179209
>
> Currently it contains bugs filed against openssl and gnutls
> applications in Fedora. If you use some application which utilizes
> SSL/TLS and isn't included in the tracker feel free to request it use
> the policy, and include a link to the bug report in the tracker.
>
> The tracker also contains a dependency on NSS respecting the system
> crypto policy: https://bugzilla.redhat.com/show_bug.cgi?id=1157720

I wonder what your plan is moving forward. Is it going to be 'TLS policy'? Or
are you planning to generalize it in future?

E.g. DNSSEC-related software can be configured with an algorithm list and key
sizes too. I guess that the same applies to GnuPG.

In other words, should the policy be able to express something like 'do not
trust MD5, SHA1, DES, RC4, RSA < 1024 bits anymore'?

IMHO it would be extremely handy - it would allow us to quickly react when
something is seriously broken without patching all affected applications in
Fedora.

--
Petr^2 Spacek