Re: [ovs-dev] [PATCH 08/10] ovs-pki: Use 3072-bit keys by default and drop 1024-bit ones.

Eelco Chaudron Wed, 11 Dec 2024 08:24:09 -0800


On 9 Dec 2024, at 17:38, Ilya Maximets wrote:

> NIST Special Publication 800-57 Part 1 Revision 5 "Recommendation for
> Key Management" [1] estimates 2024-bit RSA keys as having 112 bits of
> security strength.  At the same time keys with 112 bits of security
> strength are deemed acceptable only through 2030 and disallowed after
> that year.
>
> Let's be safe and generate 3072-bit keys by default.  These should
> have 128 bits of security strength and are allowed after 2030.
>
> Also, 1024-bit keys are estimated to have only 80 bits of security
> strength and are generally disallowed today.  Let's not allow creation
> of such keys by default.
>
> [1] https://doi.org/10.6028/NIST.SP.800-57pt1r5
>
> Signed-off-by: Ilya Maximets <[email protected]>

Patchwork did not like the cover letter ACK, so will ack them individually.

Acked-by: Eelco Chaudron <[email protected]>

_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 08/10] ovs-pki: Use 3072-bit keys by default and drop 1024-bit ones.

Reply via email to