[gnutls-devel] overall sec_param (weakest link) for a gnutls session?

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Jan 6 09:54:04 CET 2014


On Sun, Jan 5, 2014 at 9:38 PM, Nikos Mavrogiannopoulos <nmav at gnutls.org>wrote:

> > key lengths and TLS extensions. GnuTLS could include some default
> > profiles, such as profiles based on recommendations of institutions like
> > NIST or ENISA.
>
> Are you aware of any such profiles? The only one I know is suiteb from NSA.
>

I've just realized that ENISA has quite good and practical recommendations:
http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report

There is also a "best practices" paper, but I don't know whether we can get
much from that:
https://bettercrypto.org/static/applied-crypto-hardening.pdf

regards,
Nikos
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140106/f2638e4e/attachment.html>


More information about the Gnutls-devel mailing list