My suggestion: Re-start the vote, three options:
Yes, new defaults (BC Break), Yes, old defaults (no BC break), No

OR: add a second vote to the page, with: Use new defaults (BC Break), Use Old Defaults (No BC Break)

On Sun, Jul 24, 2016 at 6:52 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
> Hi all,
>
> I would like to ask the default session ID string preference.
>
> Details of guessing an active session ID are described in the previous mail.
> Please refer to it for details.
>
> On Sun, Jul 24, 2016 at 4:57 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
> > I don't mind pausing vote to have consensus on how many bits for
> > session ID string is preferred.
>
> Current default is 128 bits with 32 chars. (Hex string which has 4
> bits per char)
> Pros: Compatible with current default.
> Cons: Weaker than proposed default
>
> Proposed default is 240 bits with 48 chars. (Special form which has 5
> bits per char)
> Pros: Stronger than current default.
> Cons: Incompatible with current default.
>
> 128 bits would be strong enough with CSPRNG, while 240 bits would be
> preferred as precaution.
> Which default would you prefer?
>
> I would like to restart vote based on the result.
>
> Thank you!
>
> --
> Yasuo Ohgaki
> yohg...@ohgaki.net