[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gnutls-dev
Subject:    Re: [gnutls-devel] Bug#750094: Misleading warning
From:       Nikos Mavrogiannopoulos <nmav () gnutls ! org>
Date:       2014-06-09 14:18:51
Message-ID: CAJU7za+y6Q5h1YdwfAPO1pYVXRH8vhjXM25xm8B_wg9-9MpMyg () mail ! gmail ! com
[Download RAW message or body]

On Wed, Jun 4, 2014 at 5:50 PM, Daniel Kahn Gillmor
<dkg@fifthhorseman.net> wrote:
> On 06/04/2014 03:30 AM, Nikos Mavrogiannopoulos wrote:
>> I agree with your points. In fact the current warning was setup to
>> cover (0). There could be another warning for (1), but gnutls-cli
>> prints the size of the prime anyway if DHE is negotiated so I'm not
>> sure how much another warning would help.
> I was thinking it'd be useful in that a warning is distinct from a
> routine printout.  people with their own sense of what a threshhold
> should be can work from the routine information; but if we're providing
> a distinct warning, it would be for people who aren't making those kinds
> of decisions explicitly.

That got pretty low on my todo list, if there is any patch on that
I'll review it, but not planning in adding it myself.

> yeah, choosing a threshhold is hard, and probably would need to change
> over time, but at the moment, we have some concrete recommendations we
> can use.
> For example, ECRYPT II's 2011-2012 report suggests on page 30 that
> defense against just small/medium organizations to preserve
> confidentiality for a few months should be around 70 bits
> (symmetric-equivalent), which means a DLOG group a bit below 1024 bits.
>  We could even use the ECRYPT language in the warning.

I've now tied the warning to the security levels we have (and
specifically the very weak one).

regards,
Nikos

_______________________________________________
Gnutls-devel mailing list
Gnutls-devel@lists.gnutls.org
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
[prev in list] [next in list] [prev in thread] [next in thread]