Re: [exim] REPOST: Possible TLS weakness in Exim? (to be not…

Góra strony
Delete this message
Reply to this message
Autor: Philip Hazel
Data: 2006-12-04 14:48 -000
Dla: Ralf G. R. Bergs
CC: exim-users, Florian Weimer
Temat: Re: [exim] REPOST: Possible TLS weakness in Exim? (to be noticed with Opera and Exim 4.50 from Debian stable)
On Mon, 4 Dec 2006, Ralf G. R. Bergs wrote:

> > NIST recommends to use 1024 bits. BSI (the German one, not the
> > British) recommends 1280 bits. Both do not really differentiate
> > between ephemeral session keys and long-term keys. But bumping the
>
> But it makes quite a difference how you use them... :-)
>
> > value is easy and probably the right thing to do from a PR angle.
>
> I doubt that it's a good idea to just change something to look good from
> a PR point of view. :-)
>
> What I *do* consider important, tho, is that we get the Opera guys and
> Exim to agree upon what is safe and what is unsafe. What do you think
> about this?


I am not a cryptographer. If certain experts (NIST, BSI) recommend
larger numbers than the current 768 (which came with the contributed
code, I suppose), then I am happy to change the number without regard to
the PR aspects. Unless somebody tells me not to, I am about to change it
to 1024 for the next release. Or should I use 1280?


-- 
Philip Hazel            University of Cambridge Computing Service
Get the Exim 4 book:    http://www.uit.co.uk/exim-book