Bug#598732: /usr/share/ssl-cert/ssleay.cnf should use 2048 bits

To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Cc: 598732@bugs.debian.org
Subject: Bug#598732: /usr/share/ssl-cert/ssleay.cnf should use 2048 bits
From: Stefan Fritsch <sf@sfritsch.de>
Date: Fri, 1 Oct 2010 17:58:38 +0200
Message-id: <[🔎] 201010011758.38402.sf@sfritsch.de>
Reply-to: Stefan Fritsch <sf@sfritsch.de>, 598732@bugs.debian.org
In-reply-to: <[🔎] 20101001141053.26552.32696.reportbug@localhost.localdomain>
References: <[🔎] 20101001141053.26552.32696.reportbug@localhost.localdomain>

On Friday 01 October 2010, Daniel Kahn Gillmor wrote:
> It would be a shame if squeeze shipped with this default set below
> some common expectations of a key to last at least the lifetime of
> a debian release.

1024 bits are more than enough to satisfy the security expectations of 
an auto-generated "snake-oil" key for the life time of squeeze. 512 
bits were factored in 1999, 768 bits were factored in 2009. So, expect 
another 5-10 years for 1024.

If an ssl-cert upload is necessary for squeeze for other reasons, I 
will change it. Otherwise it will have to wait for wheezy.

Reply to:

Follow-Ups:
- Bug#598732: /usr/share/ssl-cert/ssleay.cnf should use 2048 bits
  - From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

References:
- Bug#598732: /usr/share/ssl-cert/ssleay.cnf should use 2048 bits
  - From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Prev by Date: Bug#598732: /usr/share/ssl-cert/ssleay.cnf should use 2048 bits
Next by Date: Processed: tagging 598732
Previous by thread: Bug#598732: /usr/share/ssl-cert/ssleay.cnf should use 2048 bits
Next by thread: Bug#598732: /usr/share/ssl-cert/ssleay.cnf should use 2048 bits
Index(es):
- Date
- Thread