[gnutls-devel] Bug#750094: Misleading warning

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Jun 9 16:18:51 CEST 2014

On Wed, Jun 4, 2014 at 5:50 PM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> On 06/04/2014 03:30 AM, Nikos Mavrogiannopoulos wrote:
>> I agree with your points. In fact the current warning was setup to
>> cover (0). There could be another warning for (1), but gnutls-cli
>> prints the size of the prime anyway if DHE is negotiated so I'm not
>> sure how much another warning would help.
> I was thinking it'd be useful in that a warning is distinct from a
> routine printout.  people with their own sense of what a threshhold
> should be can work from the routine information; but if we're providing
> a distinct warning, it would be for people who aren't making those kinds
> of decisions explicitly.

That got pretty low on my todo list, if there is any patch on that
I'll review it, but not planning in adding it myself.

> yeah, choosing a threshhold is hard, and probably would need to change
> over time, but at the moment, we have some concrete recommendations we
> can use.
> For example, ECRYPT II's 2011-2012 report suggests on page 30 that
> defense against just small/medium organizations to preserve
> confidentiality for a few months should be around 70 bits
> (symmetric-equivalent), which means a DLOG group a bit below 1024 bits.
>  We could even use the ECRYPT language in the warning.

I've now tied the warning to the security levels we have (and
specifically the very weak one).


More information about the Gnutls-devel mailing list