On 16/02/2011 21:59, Martin Paljak wrote: >>> I would not date to suggest turning<1024 key support off (which is the >>> recommendation by several organizations) but giving a nice fat warning to >>> the user when creating keys (not importing!) below 1024 (or 1024 keys when >>> the card claims support for 2048) bits. >> That could be done for every key size less than the maximum handled by >> the card. This way the user is encouraged to use the maximum available >> security, and fall back to less secure keys only if he needs to. > :) > > Nice one! Can you please file it as a wish list ticket with a link to this > thread as well, so that it won't slip through the cracks? (added a note about > list thread links to ReportingBugs [1] page as well) Ticket 331 created.
> Thanks for your input, if all of the things won't get fixed for the next > release (0.12.1) then surely in one of the succeeding builds. Which could > eventually happen as often as on biweekly basis. Marked for "someday". > If you can, please post about your experiments with MyEID profile tweaks as > well, so that the default profile could be improved. Already did that on my site (but only in Italian, for now... I was waiting for something "definitive" before translating. You can see it at: http://www.csshl.net/content/smartcard-conservare-certificati-e-chiavi-ssh (on a single line). The setting I'm now using is the one in the third comment. BYtE! _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
