On Wed, Jun 04, 2014 at 03:15:33PM +0200, Nikos Mavrogiannopoulos wrote:
> On Wed, 2014-06-04 at 09:05 -0400, Simo Sorce wrote:

> > > That's the old version. New one
> > > (https://fedoraproject.org/wiki/Changes/CryptoPolicy)
> > > is:
> > > Legacy: 767+
> > > default: 1023+
> > shouldn't this be 2047+ ?
> 
> If we do that then the applications that use these settings will be
> unable to talk to any servers that offer 1024 keys. Given the number of
> these servers that would be a good reason for applications not switching
> to this centrally managed configuration system. That is, we'd have these
> settings as in a museum and no-one will be using them.

IMHO it should be part of the policy to create FUTURE class keys by
default even if a weaker security level is required to make future
transitions easier. Otherwise the number of servers using weak keys will
not decrease.

Regards
Till
--
security mailing list
security@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/security
