On Wed, Jun 4, 2014 at 5:50 PM, Daniel Kahn Gillmor
<[email protected]> wrote:
> On 06/04/2014 03:30 AM, Nikos Mavrogiannopoulos wrote:
>> I agree with your points. In fact the current warning was setup to
>> cover (0). There could be another warning for (1), but gnutls-cli
>> prints the size of the prime anyway if DHE is negotiated so I'm not
>> sure how much another warning would help.
> I was thinking it'd be useful in that a warning is distinct from a
> routine printout.  people with their own sense of what a threshhold
> should be can work from the routine information; but if we're providing
> a distinct warning, it would be for people who aren't making those kinds
> of decisions explicitly.

That got pretty low on my todo list, if there is any patch on that
I'll review it, but not planning in adding it myself.

> yeah, choosing a threshhold is hard, and probably would need to change
> over time, but at the moment, we have some concrete recommendations we
> can use.
> For example, ECRYPT II's 2011-2012 report suggests on page 30 that
> defense against just small/medium organizations to preserve
> confidentiality for a few months should be around 70 bits
> (symmetric-equivalent), which means a DLOG group a bit below 1024 bits.
>  We could even use the ECRYPT language in the warning.

I've now tied the warning to the security levels we have (and
specifically the very weak one).

regards,
Nikos


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to