On Thu, May 22, 2008 at 05:20:21PM +0200, Simon Josefsson wrote:
> I think increasing the limit is necessary since there appeared to be
> some configurations which ran into the earlier limit. Possibly 48kb is
> excessive, and it could be made smaller. I think the largest handshake
> we saw in reality was 25kb.

Yes, but it is bound to grow with Debian's ca-certificates package.

> Configuring the list of ca-certificates is possible, as far as I know.
> GnuTLS doesn't do any of this, it is in the application. I suspect exim
> is using the ca-certificates debian infrastructure.

The exim package does not do anything like that explicitly, and exim's
GnuTLS code is quite rudimentary and certainly not Debian-specific.

> It seems some people click to trust every CA in the entire world (or
> close to that)

That seems to be the default when installing Debian's ca-certificates
package.

> Btw, we have fixed the warning message you get when this happens,

That's very good news and will help debugging in the future.

> Possibly we could even revert back to the earlier 16kb limit, if the
> configurations with a lot of CAs are considered excessive and buggy by
> themselves.

So that would be a bug in the ca-certificates package, which I
unfortunately do not know of.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Phone: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190

Please note that, under the [in my opinion unconstitutional] law on data
retention, since 1 January 2008 every electronic contact (e-mail, telephone
calls, SMS, Internet telephony, mobile communications, fax) with me or other
users is stored for six months, without any suspicion being required, for
automated secret access by law-enforcement and police authorities, the
Federal Financial Supervisory Authority, customs criminal investigation and
customs investigation offices, the customs administration for combating
undeclared work, emergency-call query centres, domestic intelligence
agencies, the Military Counterintelligence Service, the Federal Intelligence
Service and 52 states such as Azerbaijan or the USA, including communication
with holders of professional secrets such as doctors, journalists and
lawyers. More information on the total logging of your communications data
at www.vorratsdatenspeicherung.de. (adopted with slight changes, copied from
www.lawblog.de)

