On 23-12-13 18:40, Wietse Venema wrote:
> Viktor Dukhovni:
>> On Mon, Dec 23, 2013 at 05:49:40PM +0100, Tom Hendrikx wrote:
>>
>>>> I am still fixing it for clarity, but it should be accurate.
>>>> Feedback is welcome.
>>>>
>>>
>>> After reading, I'm having some questions.
>>
>> s/reading/skimming/ :-)
>
> In this section, the commands that compute the parameters PRECEDE
> the text that says why one might want to do this.
>

The text currently reads like:

- you need to generate the params files once
- for greater security, re-generate every now and then

The improved security that is gained in the first step is not obvious,
which is why I went looking for the details on the params that Postfix
uses when the settings are left untouched.

You might want to make it clearer that providing customized params is
more secure than using the builtins. After that, running a cronjob to
refresh them is another improvement.

Tom