Re: [exim] GnuTTS woes

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M\Viktor Dukhovni at <-
MMEvgeniy Berdnikov at ->
Delete this message
Reply to this message
Author: Cyborg
Date:  
To: exim-users
Subject: Re: [exim] GnuTTS woes
Am 28.09.22 um 17:51 schrieb Viktor Dukhovni via Exim-users:
> On Wed, Sep 28, 2022 at 05:08:37PM +0200, Cyborg via Exim-users wrote:
>
>> But your key is a bit short. I suggest to upgrade it to at least 4096 bits.
> I strongly disagree. There's no need to be a crypto
> exhibitionist/maximalist. The vast majority of issuing CA RSA keys are
> 2048-bits. The use of 4096-bit keys is pointless waste of CPU,
>

There is a BSI ( the german cybersecurity agency ) guideline for german
corps and gov entities, which states, that 2048 bit RSA keys, for any
purpose,
should not be used anymore in 2022.

Although, it's an EllipticCurve Key, so it's long enough. I did not
considers this in my answere, my fault.

Can you state, why you think, that this 2048 bit key is only used for
authentication, rather than for TLS encryption? I think, it is used, as
it's presented on port 25.

best regards,
Marius




This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] GnuTTS woesRe: [exim] Exim relaying but shouldn't->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)