On Wed, Sep 28, 2022 at 05:08:37PM +0200, Cyborg via Exim-users wrote:
> But your key is a bit short. I suggest to upgrade it to at least 4096 bits.
I strongly disagree. There's no need to be a crypto
exhibitionist/maximalist. The vast majority of issuing CA RSA keys are
2048-bits. The use of 4096-bit keys is pointless waste of CPU,
especially given that these are *authentication* keys, not encryption
keys, so don't need to remain secure after they're replaced.
And keep in mind tht SMTP clients mostly still ignore the server
certificate entirely.
--
Viktor.
