> On Dec 10, 2018, at 8:19 PM, Alice Wonder <al...@domblogger.net> wrote:
>
> Even in this thread someone pointed out that Debian defaults to 1024-bit RSA.
> You end up with things like SHA1 still enabled because upstream thought the
> compatibility mattered more than the security.
>
> So yes, I made a typo, and maybe I'm not a guru, but the reason why I fiddle
> with this stuff is because when I didn't, too often the "experts" left
> things in a way that was dangerous.
The dangers of SHA1 and RSA1024 are overhyped. Walk, don't run, to better
options when interoperable, and don't set the bar too high, lest you get
reduced security by degrading less capable peers to cleartext. There are
actors and applications where SHA1 and RSA1024 may be unwise, but email is
mostly not such an application. Nobody is investing millions of dollars in
CPU and memory resources to read *your* email traffic.

With TLS, it suffices to raise the ceiling (enable stronger ciphers) to get
strong encryption. Raising the floor is not nearly as critical. Yes, you
should not have SSLv2 or export ciphers, but that should not require advanced
ciphersuite settings.

-- 
Viktor.
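The ceiling-versus-floor argument above, as an added example that is not part of the original thread: a small Python model of opportunistic TLS cipher negotiation. The server either raises the ceiling (prefers the strongest ciphers but keeps weaker, still-sane ones enabled, with export grade off) or raises the floor (refuses everything below a strong minimum). Against a modern peer both policies land on the same strong cipher; against a legacy peer the floor policy drops the session to cleartext, which is the outcome the post warns about. Cipher names are real OpenSSL/TLS names, but the strength ranks, the two peers' capabilities and the policy names are constructed assumptions for this illustration.

```python
"""Added example: opportunistic TLS negotiation under two server policies.

Everything here (strength ranks, peer cipher sets, policy names) is a
constructed assumption for illustration, not the behaviour of any
particular MTA or TLS library.
"""
from typing import List, Optional, Set

# Rough strength ordering, highest rank is strongest.  The numbers are an
# assumption for this example, not a formal security level.
STRENGTH = {
    "TLS_AES_256_GCM_SHA384": 5,       # TLS 1.3 AEAD suite
    "ECDHE-RSA-AES256-GCM-SHA384": 4,  # forward secrecy, AEAD
    "ECDHE-RSA-AES128-SHA": 3,         # forward secrecy, HMAC-SHA1 (fine for TLS)
    "AES128-SHA": 2,                   # RSA key transport, no forward secrecy
    "EXP-RC4-MD5": 1,                  # export grade: 40-bit key, must stay off
}

CLEARTEXT = "cleartext"

# Constructed peers.  The legacy peer stands in for an old appliance that
# can only do RSA-AES128-SHA or export grade.
MODERN_PEER: Set[str] = {
    "TLS_AES_256_GCM_SHA384",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-SHA",
}
LEGACY_PEER: Set[str] = {"AES128-SHA", "EXP-RC4-MD5"}


def server_offer(policy: str) -> List[str]:
    """Ciphers the server enables under a policy, in server preference order.

    'ceiling': strongest first, everything enabled except export grade.
    'floor':   only ciphers of rank 4 or better (a high minimum bar).
    """
    if policy == "ceiling":
        enabled = [c for c, rank in STRENGTH.items() if rank > 1]
    elif policy == "floor":
        enabled = [c for c, rank in STRENGTH.items() if rank >= 4]
    else:
        raise ValueError(f"unknown policy {policy!r}")
    # Server preference: strongest cipher first.
    return sorted(enabled, key=lambda c: STRENGTH[c], reverse=True)


def negotiate(policy: str, client_ciphers: Set[str],
              opportunistic: bool = True) -> Optional[str]:
    """Pick the first server-preferred cipher the client also supports.

    With no common cipher, opportunistic TLS (the SMTP norm) falls back to
    cleartext; mandatory TLS returns None, meaning delivery is deferred.
    """
    for cipher in server_offer(policy):
        if cipher in client_ciphers:
            return cipher
    return CLEARTEXT if opportunistic else None


def outcomes(policy: str) -> dict:
    """Summarise what each constructed peer ends up with under a policy."""
    return {
        "modern": negotiate(policy, MODERN_PEER),
        "legacy": negotiate(policy, LEGACY_PEER),
    }


if __name__ == "__main__":
    for policy in ("ceiling", "floor"):
        print(policy, outcomes(policy))
```

The ceiling policy gets the strong suite with the modern peer and still encrypts to the legacy peer, while the floor policy gets the same strong suite with the modern peer and cleartext with the legacy one. Export ciphers never appear in either offer; dropping them is the default in any reasonable cipher list and needs no hand-tuned ciphersuite string.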