On May 24, 2011, at 1:38 AM, Daniel Pittman wrote:

> On Fri, May 20, 2011 at 08:23, Nigel Kersten <ni...@puppetlabs.com> wrote:
>> On Fri, May 20, 2011 at 5:39 AM, Mark Stanislav <mark.stanis...@gmail.com>
>> wrote:
>>>
>>> In short, I'm in agreement with you. With the CA which is defaulted to 5
>>> years (not at all surprising) there's no doubt that soon (maybe 2.7 is a
>>> good time?) that 2048 key size should be used for at least the CA key, if
>>> not default for client key generation as well. Secondly, yes, I don't know
>>> why MD5 would be the hashing algorithm of choice in this case either.
>>>
>>> As I recall last year, most major root CAs went to 2048 last year to not
>>> anger the NIST recommendation.
>>
>> We will do this for 2.7.x unless we get major pushback from the community.
>
> To replicate what I said in RedMine:

For those playing along at home ;) http://projects.puppetlabs.com/issues/6663

> I am strongly of the view that we should follow the most restrictive
> of the current sets of government advice (eg: BSI, NSA/NIST, etc) and
> advice from the experts in the field. If this requires addressing the
> question of how to achieve compatibility then we had better solve
> this, before someone genuinely breaks MD5, or RSA, or whatever in a
> way that matters to us, and we end up in more serious trouble: having
> to solve this in zero time, rather than with the relative luxury of
> time.

There will of course be a trade-off for security versus performance, which is why being reasonable about strength used should be also considered. 2048 bit RSA keys are 'good' until ~2030 at this time (according to NIST). Considering a default CA cert is five years for Puppet, this is a very reasonable way to go. There shouldn't be a compatibility issue to solve unless there's some interesting crypto voodoo occurring in Puppet ;)

>
> Larger keys, better hashing (probably by adding them as well as md5,
> rather than just replacing it, etc.)

I really don't know of any reason to implement MD5 at all. It *is* broken and we do have better algorithms to implement. Even if SHA-1 is on its last leg, it's still a step-up. SHA-256 is preferred, though.

Again, a great discussion to be having and very forward thinking.

-Mark

>
> (Oh, and we absolutely have the capabilities to inspect the client
> version and make intelligent decisions about what we ship in terms of
> checksums, etc, as part of our compatibility story. As long as the
> master leads the agent in version we should be fine.)
>
> Daniel
> --
> ⎋ Puppet Labs Developer – http://puppetlabs.com
> ✉ Daniel Pittman <dan...@puppetlabs.com>
> ✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775
> ♲ Made with 100 percent post-consumer electrons
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
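
Added example, not part of the original thread and not Puppet's own code: a Ruby audit that flags a CA certificate whose RSA key is under the 2048 bits discussed above or whose signature uses MD5 or SHA-1. The helper names, the 2048-bit floor as a constant, and the `Example Puppet CA` subject are assumptions made for illustration; the certificates are constructed sample input.

```ruby
require "openssl"

MIN_RSA_BITS = 2048                          # assumption: the floor proposed in the thread
WEAK_SIG_ALG = /\A(md2|md4|md5|sha1)With/i   # RSA signature algorithm names to flag

# Build a self-signed CA certificate (constructed sample input, 5-year default).
def make_ca(bits:, digest:, years: 5)
  key  = OpenSSL::PKey::RSA.new(bits)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2                           # X.509 v3
  cert.serial  = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=Example Puppet CA")
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after  = cert.not_before + years * 365 * 24 * 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
  cert.sign(key, OpenSSL::Digest.new(digest))
  cert
end

# True when the certificate's signature algorithm relies on a broken or ageing hash.
def weak_signature?(sig_alg)
  WEAK_SIG_ALG.match?(sig_alg)
end

# Return a list of findings for one certificate; empty means it passed.
def audit(cert)
  findings = []
  key = cert.public_key
  if key.is_a?(OpenSSL::PKey::RSA) && key.n.num_bits < MIN_RSA_BITS
    findings << "RSA key is #{key.n.num_bits} bits (< #{MIN_RSA_BITS})"
  end
  if weak_signature?(cert.signature_algorithm)
    findings << "signed with #{cert.signature_algorithm}"
  end
  findings
end

if $PROGRAM_NAME == __FILE__
  { "2048/SHA256" => make_ca(bits: 2048, digest: "SHA256"),
    "1024/SHA256" => make_ca(bits: 1024, digest: "SHA256") }.each do |label, cert|
    result = audit(cert)
    puts "#{label}: #{result.empty? ? 'ok' : result.join('; ')}"
  end
end
```

To audit an existing certificate instead, load it with `OpenSSL::X509::Certificate.new(File.read(path))` and pass it to `audit`.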