On Wed, Jun 4, 2014 at 5:50 PM, Daniel Kahn Gillmor <[email protected]> wrote: > On 06/04/2014 03:30 AM, Nikos Mavrogiannopoulos wrote: >> I agree with your points. In fact the current warning was setup to >> cover (0). There could be another warning for (1), but gnutls-cli >> prints the size of the prime anyway if DHE is negotiated so I'm not >> sure how much another warning would help. > I was thinking it'd be useful in that a warning is distinct from a > routine printout. people with their own sense of what a threshhold > should be can work from the routine information; but if we're providing > a distinct warning, it would be for people who aren't making those kinds > of decisions explicitly.
That got pretty low on my todo list, if there is any patch on that I'll review it, but not planning in adding it myself. > yeah, choosing a threshhold is hard, and probably would need to change > over time, but at the moment, we have some concrete recommendations we > can use. > For example, ECRYPT II's 2011-2012 report suggests on page 30 that > defense against just small/medium organizations to preserve > confidentiality for a few months should be around 70 bits > (symmetric-equivalent), which means a DLOG group a bit below 1024 bits. > We could even use the ECRYPT language in the warning. I've now tied the warning to the security levels we have (and specifically the very weak one). regards, Nikos -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

