On Thu, Sep 12, 2013 at 03:06:46PM +0100, Keith wrote: > Possibly a paranoid option to rotate the ssl keys on the freedom box > running manually and/or as a cron job (Now doing this daily with one of > my mailservers).
What about insinsting on strict PFS support of cryptosystems still assumed to be secure, not allowing for weaker fallbacks? What about use of shared secrets and symmetric cyphers, still assumed to be secure as alternative options? What about one time pads, and periodic rekeying of symmetric cyphers still assumed secure from one-time pads as alternative options? What about mixing in multiple sources of entropy, and making sure that system is not starved of entropy when generating keys?
signature.asc
Description: Digital signature
_______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
