On Mon, 2016-12-19 at 11:07 +0100, Tomasz Torcz wrote: > On Mon, Dec 19, 2016 at 09:35:09AM +0100, Nikos Mavrogiannopoulos > wrote: > > On Sat, 2016-12-17 at 16:19 +0100, Tomasz Torcz wrote: > > > Hi, > > > > > > Since few release we have nifty, consolidated way to select > > > system- > > > wide crypto > > > policy. It's great, but granularity of selection is little > > > lacking. > > > We have > > > basically two sensible choices: > > > - DEFAULT, which is, well, default > > > > That is one of the main goals of crypto policies. To set a sensible > > default across the system applications, irrespective of which back- > > end > > library it uses. It should not be underestimated, as even now we > > are > > not there yet, especially with the applications depending on the > > less > > known tls libraries, or applications using libssh*. > > > > As a general goal, the intention of the FUTURE policy is not to be > > compatible with the rest of the internet. That's the goal of the > > DEFAULT policy. The FUTURE is intended to be compatible with > > servers > > using parameters which are considered secure. > So, what exactly is the use case behind this preference? Administrators which need to set their system on a specific security level. Future is defined to be on the 112-bit level. regards, Nikos _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
