AES128 or AES256 by default?

Paul Querna chip at corelands.com
Thu May 15 18:12:50 CEST 2008


On Thu, May 15, 2008 at 2:34 AM, Simon Josefsson <simon at josefsson.org>
wrote:

> There is a debian bug:
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476441
>
> Which asks that we make AES-256 the default preferred cipher.  Right now
> AES-128 is the default preferred cipher.  Of course, today AES-256 is
> supported as well (it is the second preferred default cipher).
>
> What do people think here?
>

Applications can expose a cipher priority configuration option -- just as
mod_gnutls does -- and then you could configure dovecot to default to
AES-256.

I don't believe the concerns expressed in the debian bug should be a reason
to have libgnutls's default priorities changed.

-Paul

>
> I don't care strongly, but I find the arguments for AES-256 rather weak.
> According to RFC 3766, to match a 256 bit symmetric key size, you need a
> ~15kb large RSA key or a ~500b large DSA key.  People don't use that
> kind of public key sizes today as far as I know, as they become very
> big.  The few who do should be able to tweak the GnuTLS cipher
> preference accordingly.
>
> /Simon
>
>
> _______________________________________________
> Gnutls-devel mailing list
> Gnutls-devel at gnu.org
> http://lists.gnu.org/mailman/listinfo/gnutls-devel
>
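The thread turns on where the preference for AES-256 should live: in the library default, or in an application-level priority option such as the one mod_gnutls exposes. The following is an added example, not code from the thread or from GnuTLS itself. It is a simplified model of a GnuTLS-style priority string applied to a cipher list (the base list, the supported token subset, and the names `apply_priority`, `select_cipher` and `DEFAULT_CIPHERS` are all assumptions), plus the server-preference rule a TLS server uses to pick the cipher the client ends up with. It shows that an application can put AES-256 first without the library's default order changing.

```python
# Added example (not from the thread or from GnuTLS): a simplified model of how a
# GnuTLS-style priority string reorders the cipher list an application offers.
# The base list and the token subset below are assumptions, not the library's
# own implementation.

# Constructed approximation of the default order the thread describes: AES-128
# first, AES-256 second, followed by legacy entries chosen here for illustration.
DEFAULT_CIPHERS = ["AES-128-CBC", "AES-256-CBC", "3DES-CBC", "ARCFOUR-128"]

# Base keywords the model understands; the real syntax has many more.
BASE_KEYWORDS = {"NORMAL": DEFAULT_CIPHERS, "NONE": []}


def apply_priority(priority):
    """Return the cipher list, highest priority first, after applying `priority`.

    Supported subset (assumed to mirror the GnuTLS convention):
      NORMAL / NONE        start from the default list or from an empty list
      -CIPHER-ALL          drop every cipher currently in the list
      -ALGO or !ALGO       drop one cipher
      +ALGO                append one cipher; an earlier '+' means higher priority,
                           and a cipher already present keeps its position
    """
    tokens = priority.split(":")
    if tokens[0] not in BASE_KEYWORDS:
        raise ValueError(f"unknown base keyword {tokens[0]!r}")
    ciphers = list(BASE_KEYWORDS[tokens[0]])
    for tok in tokens[1:]:
        if not tok:
            continue
        op, name = tok[0], tok[1:]
        if op in "-!" and name == "CIPHER-ALL":
            ciphers.clear()
        elif op in "-!":
            ciphers = [c for c in ciphers if c != name]
        elif op == "+":
            if name not in ciphers:
                ciphers.append(name)
        else:
            raise ValueError(f"malformed token {tok!r}")
    return ciphers


def select_cipher(server_order, client_offered):
    """Server-preference negotiation: the first entry of the server's ordered
    list that the client also offered, or None when there is no overlap."""
    offered = set(client_offered)
    for cipher in server_order:
        if cipher in offered:
            return cipher
    return None


if __name__ == "__main__":
    client = ["AES-128-CBC", "AES-256-CBC"]   # constructed client offer
    # Library default untouched: AES-128 wins.
    print(select_cipher(apply_priority("NORMAL"), client))
    # Application-level override, library default still untouched: AES-256 wins.
    override = "NORMAL:-CIPHER-ALL:+AES-256-CBC:+AES-128-CBC"
    print(apply_priority(override), select_cipher(apply_priority(override), client))
```

The `-CIPHER-ALL` followed by explicit `+` entries is the pattern that makes the order unambiguous: rather than relying on where `+AES-256-CBC` would land relative to an entry that is already present, the list is cleared and rebuilt in the order wanted. A service such as dovecot can expose exactly this string as its option while libgnutls keeps its own default.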