DH Group Exchange Fallback
Darren Tucker
dtucker at zip.com.au
Mon Sep 25 10:56:28 AEST 2017
On 25 September 2017 at 02:32, Mark D. Baushke <mdb at juniper.net> wrote:
> [+CC Loganaden Velvindron <logan at hackers.mu>] primary author of
> the RFC 4419 refresh draft.
https://datatracker.ietf.org/doc/draft-lvelvindron-curdle-dh-group-exchange/ ?
Tangent: has any consideration been given to increasing the maximum
allowed beyond 8192 bits (which is below the current NIST
recommendation for 256 bits of security)? Last time I looked OpenSSL
supported 10k bits out of the box so it probably wouldn't be hard to
support that in OpenSSH.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list