Hi,

Without understanding what is or isn't possible in your code, I would like to make a suggestion.

If you can make it possible for administrators to choose, then please do, and give options in the following increments:

768
1024
2048
4096

People who want low processing overhead and are not hugely bothered by security will probably like the 1024 option.
Slightly more paranoid businesses who are concerned about the data transmitted are beginning to migrate to 2048 key lengths.
Government will use 2048 or 4096 depending on the classification of information and transmission medium used for the data.

"[Bruce Schneier recommends] 1280 bits through 2005 for individuals, 1536 for corporations, and 2048 for governments."

If however it is not possible to give options, then 1024 is considered safe-ish for the moment.
2048 would be preferred if it does not cause too high a processing overhead.

Kind regards

Hill Ruyter

----- Original Message -----
From: "Philip Hazel" <[EMAIL PROTECTED]>
To: "Ralf G. R. Bergs" <[EMAIL PROTECTED]>
Cc: <exim-users@exim.org>; "Florian Weimer" <[EMAIL PROTECTED]>
Sent: Monday, December 04, 2006 2:48 PM
Subject: Re: [exim] REPOST: Possible TLS weakness in Exim? (to be noticed with Opera and Exim 4.50 from Debian stable)

> On Mon, 4 Dec 2006, Ralf G. R. Bergs wrote:
>
>> > NIST recommends to use 1024 bits. BSI (the German one, not the
>> > British) recommends 1280 bits. Both do not really differentiate
>> > between ephemeral session keys and long-term keys. But bumping the
>>
>> But it makes quite a difference how you use them... :-)
>>
>> > value is easy and probably the right thing to do from a PR angle.
>>
>> I doubt that it's a good idea to just change something to look good from
>> a PR point of view. :-)
>>
>> What I *do* consider important, tho, is that we get the Opera guys and
>> Exim to agree upon what is safe and what is unsafe. What do you think
>> about this?
>
> I am not a cryptographer. If certain experts (NIST, BSI) recommend
> larger numbers than the current 768 (which came with the contributed
> code, I suppose), then I am happy to change the number without regard to
> the PR aspects. Unless somebody tells me not to, I am about to change it
> to 1024 for the next release. Or should I use 1280?
>
>
> --
> Philip Hazel            University of Cambridge Computing Service
> Get the Exim 4 book:    http://www.uit.co.uk/exim-book
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://www.exim.org/eximwiki/