-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 23-12-13 18:40, Wietse Venema wrote:
> Viktor Dukhovni:
>> On Mon, Dec 23, 2013 at 05:49:40PM +0100, Tom Hendrikx wrote:
>> 
>>>> I am still fixing it for clarity, but it should be accurate. 
>>>> Feedback is welcome.
>>>> 
>>> 
>>> After reading, I'm having some questions.
>> 
>> s/reading/skimming/ :-)
> 
> In this section, the commands that compute the parameters PRECEDE 
> the text that says why one might want to do this.
> 

The text currently reads like:
- - you need to generate the params files once
- - for greater security, re-generate every now and then

The improved security that is gained in the first step is not obvious,
which is why I went looking for the details on the params that Postfix
uses when the settings are left untouched.

You might want to make it clearer that providing customized params is
more secure than using the builtins. After that, running a cronjob to
refresh them is another improvement.

Tom
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSuH0qAAoJEJPfMZ19VO/18wsQAIwzLUl26Q6+j43vXudQpEq2
x8JUt/jjTcRz+PkurynM51YLlmikxzhwC3J/reUvp2zSvHojOAsbomDdp6NN72Km
eJdvxSgxc5i05tcoPxtoUZ3aKZUHHFdQ/p/HtnG2zXiU77AWnBzPPBwaZd0qo0f0
Ao22oL68qltuc23APMSYI78acwLFZO/X3Lky+UquyPiwn8qK1JkX3WtzOwsTiNX6
Xv4taIxLSn6sje3DCyWv2lAX0mPTo6B9mKzi7zO1PyUtym/jBo/6WUbW9QxB8ZWC
D3hRVkarDdUlWHPOHx1P3nkaA9aiZgy93rVCT0yrB14KS57GvGCBptjo36QHzsvP
QUSPo79jjIL/Z3YE+g/HbonFMiHdP0vCioFVU8rgRBZXH1/UbdKHu7eJxxgR6Ggm
GssbJkz3hx+JJNzXJcrPjlCrERn9cROKIY0gkE0shjMMcgUG41H9OGBR8GzEOYvm
wUOoORAkzaJddeApRrEPGQqQcnlCRulbkQYk8UmnkxH+/P+YSHZqbMXFbxOZzW6Z
+5ueiasIxlXA3+Dgmj0xlpOsWFRArFiJLBxfpvkE9Cl/ZhBV31t6DR09doCJznvn
5fFS803QEiwVPuQc0OGg7xYJUG4iDv5gqRxZh27Zuzz2SF5zKxMzTYb7xBxcJCqf
QGxvbqtkzTpKC1tE5wxv
=bwAN
-----END PGP SIGNATURE-----

Reply via email to