Comment #8 on issue 236 by mi...@leap.se: Use RSA keys instead of DSA
https://code.google.com/p/ganeti/issues/detail?id=236

3. Have a cluster level parameter that tells ganeti to use rsa or dsa (and can only have those two values)

If you are going to do the work to resolve this, then you should take care to make this flexible for the future. Having hard-coded values for crypto primitives makes it very difficult to maneuver out from under those that become problematic. Crypto primitive flexibility is critical - if an exploit is found for something that has been hard-coded, and there is no easy way for a user of the software to configure something different, then the user has to wait an indeterminate amount of time for the code to be updated, which is always a slower process than changing configuration values.

As a further reason for doing this: many people are moving away even from RSA keys now, for example towards ed25519 keys. If you are doing the work to support RSA keys, then do the work to support *any* key type in an easy way!

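An added sketch of the configurable approach argued for in the comment above; it is not part of the original comment and not Ganeti code. The key type comes from a policy table that an administrator can edit, so retiring a primitive is a configuration change. KEY_POLICY, parse_key_param, keygen_argv and the "type:bits" parameter syntax are hypothetical; only the ssh-keygen flags (-q, -t, -b, -N, -f) are real.

```python
# Added illustration; KEY_POLICY, parse_key_param and keygen_argv are
# hypothetical names and the bit-size limits are example policy values.
KEY_POLICY = {
    # key type: (allowed bit sizes, default bits); None means fixed size
    "rsa": (range(2048, 16385), 3072),
    "ecdsa": ((256, 384, 521), 256),
    "ed25519": (None, None),
}


def parse_key_param(value, policy=KEY_POLICY):
    """Parse 'type' or 'type:bits' and validate it against the policy."""
    key_type, _, bits_text = value.strip().lower().partition(":")
    if key_type not in policy:
        raise ValueError(
            f"key type {key_type!r} not permitted; allowed: {sorted(policy)}")
    allowed, default = policy[key_type]
    if allowed is None:
        # Fixed-size primitives take no size argument at all.
        if bits_text:
            raise ValueError(f"{key_type} keys have a fixed size")
        return key_type, None
    if bits_text and not bits_text.isdigit():
        raise ValueError(f"invalid key size {bits_text!r}")
    bits = int(bits_text) if bits_text else default
    if bits not in allowed:
        raise ValueError(f"{bits}-bit {key_type} keys rejected by policy")
    return key_type, bits


def keygen_argv(value, path, policy=KEY_POLICY):
    """Build the ssh-keygen argument list for a validated parameter."""
    key_type, bits = parse_key_param(value, policy)
    argv = ["ssh-keygen", "-q", "-t", key_type, "-N", "", "-f", path]
    if bits is not None:
        argv += ["-b", str(bits)]
    return argv


if __name__ == "__main__":
    for param in ("ed25519", "rsa:4096", "ecdsa", "dsa", "rsa:1024"):
        try:
            print(param, "->", " ".join(keygen_argv(param, "/tmp/example_key")))
        except ValueError as err:
            print(param, "-> rejected:", err)
```

Adding or dropping a key type means editing one entry in the table; no code path names a specific algorithm.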