Hi folks,

On Wed, 15 Jan 2014 at 23:36, Viktor Dukhovni wrote:
> Note, some Debian releases patched Exim to make it "more secure",
> thereby breaking TLS handshakes with most servers, and making Exim
> less secure when Exim falls back to cleartext delivery.

That is not true. The default of 1024 bits is insecure today. It will just give you false security using such a short value. So it is only consistent to increase the limit and not use such keys.

However, I have not currently checked the value in Debian, nor do I want to say anything about any distributor. (I just see a general Debian hate from some people on the list. But bashing doesn't help.)

My point is about a false feeling of security when using insecure key sizes.

Please also have a look at [0] and [1].

Regards
   Klaus Ethgen

[0] http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.42.5089
[1] http://web.archive.org/web/20120401053550/http://hp.kairaven.de/pgp/gpg/keylengths.html
-- 
Klaus Ethgen                              http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16            Klaus Ethgen <[email protected]>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
