Zitat von Phil Daws <[email protected]>:
Hello all,looking for a bit of advice as searches have not really reaped much. When we set up Djigzo's CA what would be the most client inter-operable settings to use; 2048 bits with SHA512 ? I have been led to believe that there have been issues on BlackBerrys, quite some time ago, when using 4096 bits and SHA512.
- You should not create/issue certificates with less than 1024bits RSA anymore, 2048 should be sufficient for the next 10 years (https://wiki.mozilla.org/CA:MD5and1024)
- SHA-2 had somewhat more issues especially on older windows version still widely used (http://blogs.technet.com/b/pki/archive/2010/09/30/sha2-and-windows.aspx). Windows should be fixed today by this security update which bumps up the crypt32.dll though: http://support.microsoft.com/kb/2641690/en
So using 2048RSA/256SHA-2 should be safe enough an at least for e-mail understood by most clients today.
Regards Andreas
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] http://lists.djigzo.com/lists/listinfo/users
