No objection at all. Perhaps it might be worth checking that the other defaults are sane too at the same time though, e.g. x509 versions etc.
Rich.

On 8 September 2014 22:59, Salz, Rich <rs...@akamai.com> wrote:

> We are considering changing the default keysize (RSA, DSA, DH) from 1K to
> 2K, and changing the default signing digest from SHA-1 to SHA-256.
>
> We've already committed this to HEAD/master. We would like to make this
> change in the upcoming 1.0.2 release as well. Several downstream
> distributions, such as Debian, have already done this. Microsoft has
> already announced deprecation of SHA-1 certificates, and Google just
> recently posted a fairly aggressive plan for Chrome.
>
> Does anyone have strong objections?
>
> --
> Principal Security Engineer
> Akamai Technologies, Cambridge MA
> IM: rs...@jabber.me Twitter: RichSalz