Re: [exim] REPOST: Possible TLS weakness in Exim? (to be not…

Author: Ralf G. R. Bergs
Date:  
To: exim-users
Subject: Re: [exim] REPOST: Possible TLS weakness in Exim? (to be noticed with Opera and Exim 4.50 from Debian stable)
Philip Hazel wrote:
> On Mon, 4 Dec 2006, Ralf G. R. Bergs wrote:
>
>>> NIST recommends to use 1024 bits. BSI (the German one, not the
>>> British) recommends 1280 bits. Both do not really differentiate
>>> between ephemeral session keys and long-term keys. But bumping the
>> But it makes quite a difference how you use them... :-)
>>
>>> value is easy and probably the right thing to do from a PR angle.
>> I doubt that it's a good idea to just change something to look good from
>> a PR point of view. :-)
>>
>> What I *do* consider important, tho, is that we get the Opera guys and
>> Exim to agree upon what is safe and what is unsafe. What do you think
>> about this?
>
> I am not a cryptographer. If certain experts (NIST, BSI) recommend
> larger numbers than the current 768 (which came with the contributed
> code, I suppose), then I am happy to change the number without regard to
> the PR aspects. Unless somebody tells me not to, I am about to change it
> to 1024 for the next release. Or should I use 1280?


Philip,

would it be too much to ask to maybe add a config option for this? :-)

Just a suggestion...

Cheers, and thanks for taking time to think (and perhaps even do
something) about my issue.

Ralf