There is a debian bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476441
Which asks that we make AES-256 the default preferred cipher. Right now
AES-128 is the default preferred cipher. Of course, today AES-256 is
supported as well (it is the second preferred default cipher).
What do people think here?
Applications can expose a cipher priortity configuration option -- just as mod_gnutls does -- and then you could configure dovecot to default to AES-256.
I don't believe the concerns expressed in the debian bug should be a reason to have libgnutls's default priorities changed.
-Paul
I don't care strongly, but I find the arguments for AES-256 rather weak.
According to RFC 3766, to match a 256 bit symmetric key size, you need a
~15kb large RSA key or a ~500b large DSA key. People don't use that
kind of public key sizes today as far as I know, as they become very
big. The few who do should be able to tweak the GnuTLS cipher
preference accordingly.
/Simon
_______________________________________________
Gnutls-devel mailing list
address@hidden
http://lists.gnu.org/mailman/listinfo/gnutls-devel