[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Freedombox-discuss] Freedombox CA

On Thu, Sep 12, 2013 at 03:06:46PM +0100, Keith wrote:

> Possibly a paranoid option to rotate the ssl keys on the freedom box
> running manually and/or as a cron job (Now doing this daily with one of
> my mailservers).

What about insinsting on strict PFS support of cryptosystems 
still assumed to be secure, not allowing for weaker
fallbacks? 

What about use of shared secrets and symmetric cyphers,
still assumed to be secure as alternative options?

What about one time pads, and periodic rekeying of 
symmetric cyphers still assumed secure from one-time
pads as alternative options?

What about mixing in multiple sources of entropy, and
making sure that system is not starved of entropy when
generating keys?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20130912/b6c6e8e9/attachment.sig>
Reply to: