2014-03-05 9:58 GMT+01:00 Nikos Mavrogiannopoulos :
> > The above proposed levels broadly make sense (taking 80/128/256 as a
> > "nice round numbers" that stand for detailed strengths), we would
> > probably want to explicitly document the semantics (Is the semantics
> > of a level fixed forever o
On Tue, 2014-03-04 at 17:19 +0100, Miloslav Trmač wrote:
> 2014-02-27 17:22 GMT+01:00 Jaroslav Reznik :
> = Proposed System Wide Change: System-wide crypto policy =
> https://fedoraproject.org/wiki/Changes/CryptoPolicy
>
> Unify the crypto policies used by different
2014-02-27 17:22 GMT+01:00 Jaroslav Reznik :
> = Proposed System Wide Change: System-wide crypto policy =
> https://fedoraproject.org/wiki/Changes/CryptoPolicy
>
> Unify the crypto policies used by different applications and libraries.
Is this for TLS only? The description suggests this, but it'
2014-02-27 18:30 GMT+01:00 Nikos Mavrogiannopoulos :
> On Thu, 2014-02-27 at 16:35 +, Colin Walters wrote:
> > wrote:
> > > and being applied after executing update-crypto-profiles. (Note: it
> > > would be better to have a daemon that watches those files and runs
> > > update-crypto-profiles
* Jaroslav Reznik [2014-02-27 11:25]:
> = Proposed System Wide Change: System-wide crypto policy =
> https://fedoraproject.org/wiki/Changes/CryptoPolicy
>
> An idea of how this will be implemented is to have each Fedora
> application's configuration file or compilation option will set a
> system
On Fri, Feb 28, 2014 at 2:52 AM, Nikos Mavrogiannopoulos
wrote:
> On Thu, 2014-02-27 at 10:58 -0700, Andrew Lutomirski wrote:
>
>>
>> - LEVEL-256 provides well under 256-bit security.
>> - This is fine because no one actually needs 256-bit security.
>>
>> So *why on earth* would it make sense to
Nikos Mavrogiannopoulos (n...@redhat.com) said:
> On Thu, 2014-02-27 at 11:52 -0500, Bill Nottingham wrote:
> > > == Detailed Description ==
> > > The idea is to have some predefined security levels such as LEVEL-80,
> > > LEVEL-128, LEVEL-256,
> > > or ENISA-LEGACY, ENISA-FUTURE, SUITEB-128, SUI
On Thu, 2014-02-27 at 11:52 -0500, Bill Nottingham wrote:
> > == Detailed Description ==
> > The idea is to have some predefined security levels such as LEVEL-80,
> > LEVEL-128, LEVEL-256,
> > or ENISA-LEGACY, ENISA-FUTURE, SUITEB-128, SUITEB-256. These will be the
> > security levels
> > that t
On Thu, 2014-02-27 at 10:37 -0800, Andrew Lutomirski wrote:
> In that case, why not give full control:
> allowed_ciphers = AES-192, AES-256, Salsa20/12, Salsa20/20
> allowed_groups = modp >= 2048, P-256, Curve25519
> allowed_hashes = SHA-3, ...
> allowed_modes = CTR, OCB, XTS, GCM
> allowed_macs =
On Thu, 2014-02-27 at 17:59 +, Richard W.M. Jones wrote:
> > How is an admin supposed to know what levels such as the above are, and why
> > they might choose a particular one?
> Supplemental question:
> Why wouldn't you always want to choose the most secure one?
>
> I believe the proposal is
On Thu, 2014-02-27 at 10:58 -0700, Andrew Lutomirski wrote:
> >> For reference, there isn't a well-established, widely accepted
> >> symmetric cipher with 256-bit security. AES-256 is weak [1] and
> >> should probably not be used at all, let alone by anyone who wants a
> >> 256-bit security level
On Thu, Feb 27, 2014 at 10:26 AM, Stephen John Smoogen wrote:
>
>
>
> On 27 February 2014 10:58, Andrew Lutomirski wrote:
>>
>>
>> > We have to document that, but there will be always ways to shoot
>> > someone's foot. There are legitimate uses of increasing a security level
>> > (if one for examp
On 27 February 2014 10:58, Andrew Lutomirski wrote:
>
> > We have to document that, but there will be always ways to shoot
> > someone's foot. There are legitimate uses of increasing a security level
> > (if one for example sets up machines to be used in a LAN).
> >
> >> If someone sets SUITEB-wha
On Thu, Feb 27, 2014 at 11:52:01AM -0500, Bill Nottingham wrote:
> Jaroslav Reznik (jrez...@redhat.com) said:
> > = Proposed System Wide Change: System-wide crypto policy =
> > https://fedoraproject.org/wiki/Changes/CryptoPolicy
> >
> > Change owner(s): Nikos Mavrogiannopoulos
> >
> > Unify th
On Thu, Feb 27, 2014 at 10:49 AM, Nikos Mavrogiannopoulos
wrote:
> On Thu, 2014-02-27 at 10:12 -0700, Andrew Lutomirski wrote:
>> > == Detailed Description ==
>> > The idea is to have some predefined security levels such as LEVEL-80,
>> > LEVEL-128, LEVEL-256,
>> > or ENISA-LEGACY, ENISA-FUTURE, S
On Thu, Feb 27, 2014 at 11:22 AM, Jaroslav Reznik wrote:
> Unify the crypto policies used by different applications and libraries. That
> is
> allow setting a consistent security level for crypto on all applications in a
> Fedora system.
As others have noted, crypto tech compatibility is tricky.
On Thu, 2014-02-27 at 10:12 -0700, Andrew Lutomirski wrote:
> > == Detailed Description ==
> > The idea is to have some predefined security levels such as LEVEL-80,
> > LEVEL-128, LEVEL-256,
> > or ENISA-LEGACY, ENISA-FUTURE, SUITEB-128, SUITEB-256. These will be the
> > security levels
> > that th
On Thu, 2014-02-27 at 08:42 -0800, Toshio Kuratomi wrote:
> > After that the administrator should be assured that any application
> > that uses the system settings will follow a policy that adheres to
> > the configured profile.
> > Ideally setting a profile should be setting:
> > * the acceptable
On Thu, 2014-02-27 at 16:35 +, Colin Walters wrote:
> wrote:
> > and being applied after executing update-crypto-profiles. (Note: it
> > would be better to have a daemon that watches those files and runs
> > update-crypto-profiles automatically)
> Was the option of patching the libraries to *di
On Thu, Feb 27, 2014 at 9:22 AM, Jaroslav Reznik wrote:
> = Proposed System Wide Change: System-wide crypto policy =
> https://fedoraproject.org/wiki/Changes/CryptoPolicy
>
> Change owner(s): Nikos Mavrogiannopoulos
>
> Unify the crypto policies used by different applications and libraries. That
Jaroslav Reznik (jrez...@redhat.com) said:
> = Proposed System Wide Change: System-wide crypto policy =
> https://fedoraproject.org/wiki/Changes/CryptoPolicy
>
> Change owner(s): Nikos Mavrogiannopoulos
>
> Unify the crypto policies used by different applications and libraries. That
> is
> al
On Feb 27, 2014 8:25 AM, "Jaroslav Reznik" wrote:
>
> = Proposed System Wide Change: System-wide crypto policy =
> https://fedoraproject.org/wiki/Changes/CryptoPolicy
> == Detailed Description ==
> The idea is to have some predefined security levels such as LEVEL-80,
> LEVEL-128, LEVEL-256,
> or
On Thu, Feb 27, 2014 at 11:22 AM, Jaroslav Reznik
wrote:
and being applied after executing update-crypto-profiles.
(Note: it would be better to have a daemon that watches those files
and
runs update-crypto-profiles automatically)
Was the option of patching the libraries to *directly* read
= Proposed System Wide Change: System-wide crypto policy =
https://fedoraproject.org/wiki/Changes/CryptoPolicy
Change owner(s): Nikos Mavrogiannopoulos
Unify the crypto policies used by different applications and libraries. That is
allow setting a consistent security level for crypto on all app