[gnutls-devel] GnuTLS | certtool --sec-param high generates a smaller key than expected (#1320)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Fri Feb 11 07:21:40 CET 2022
Daniel Lublin commented:
Thanks all for your input. To both suggest the use of sec-param, and at the same time advice against passing too few bits, we could do like this:
If bits **<** "medium" (currently 2048), then say:
`"'--bits N' are on the low side, you are suggested to use (at least) '--sec-param medium' instead`
(Could also suggest sec-param medium if exactly medium number of bits passed.)
If bits **<=** "high" (3072), then say:
`"You are suggested to use '--sec-param high' instead of '--bits N'"`
If bits are larger, we don't suggest anything, assuming that user prefers bits and knows what they are doing.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1320#note_839424126
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20220211/96a9960b/attachment.html>
More information about the Gnutls-devel
mailing list