Am 28.09.22 um 17:51 schrieb Viktor Dukhovni via Exim-users:
On Wed, Sep 28, 2022 at 05:08:37PM +0200, Cyborg via Exim-users wrote:
But your key is a bit short. I suggest to upgrade it to at least 4096 bits.
I strongly disagree. There's no need to be a crypto
exhibitionist/maximalist. The vast majority of issuing CA RSA keys are
2048-bits. The use of 4096-bit keys is pointless waste of CPU,
There is a BSI ( the german cybersecurity agency ) guideline for german
corps and gov entities, which states, that 2048 bit RSA keys, for any
purpose,
should not be used anymore in 2022.
Although, it's an EllipticCurve Key, so it's long enough. I did not
considers this in my answere, my fault.
Can you state, why you think, that this 2048 bit key is only used for
authentication, rather than for TLS encryption? I think, it is used, as
it's presented on port 25.
best regards,
Marius
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
