
Re: Additional network security

From: Lars Magne Ingebrigtsen
Subject: Re: Additional network security
Date: Sun, 07 Dec 2014 18:45:25 +0100
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux)

Ted Zlatanov <address@hidden> writes:

> How about extending the GnuTLS priority string to also specify the NSM
> level, DH bits, etc? So the user would say "NORMAL:NSM(medium,dh=1024)"
> and we'd cut out all the NSM bits before passing it on to GnuTLS. If
> there's nothing in the priority string, we'd look at
> `network-security-level', that would be the out-of-the-box use case.

I'm not sure we need to allow this to be customised at this fine-grained
level.  Does Firefox allow that, for instance?

> RC4 should be disallowed on medium IMO. I *think* it already is
> disallowed in the default GnuTLS priority string.

There are prominent web sites that only offer RC4, most famously the
video streams from YouTube.  (Because Google.)

(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
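
Added example, not part of the original message and not code from Emacs: a sketch of the priority-string extension proposed in the quoted text, splitting the `NSM(...)` token out of a string such as "NORMAL:NSM(medium,dh=1024)" before the rest is handed to GnuTLS. The function name `my-nsm-split-priority`, the constant `my-nsm-levels` and the return format are hypothetical; the level names are assumed to be those of `network-security-level`.

```elisp
;;; -*- lexical-binding: t -*-
;; Added sketch of the proposed syntax; hypothetical names, not Emacs code.

(defconst my-nsm-levels '(low medium high paranoid)
  "Level names assumed to match `network-security-level'.")

(defun my-nsm-split-priority (priority default-level)
  "Split PRIORITY into a plain GnuTLS priority string and NSM settings.
Return a list (GNUTLS-STRING LEVEL DH-BITS).  LEVEL is DEFAULT-LEVEL
and DH-BITS is nil when PRIORITY carries no NSM(...) token for them.
Signal an error on an NSM argument that is neither a known level
nor of the form dh=NUMBER, so a typo never silently weakens a setting."
  (let ((level default-level)
        (dh nil)
        (keep nil))
    (dolist (token (split-string priority ":" t))
      (if (not (string-match "\\`NSM(\\([^)]*\\))\\'" token))
          ;; Ordinary GnuTLS token: pass it through untouched.
          (push token keep)
        (dolist (arg (split-string (match-string 1 token) "," t "[ \t]+"))
          (cond
           ((string-match "\\`dh=\\([0-9]+\\)\\'" arg)
            (setq dh (string-to-number (match-string 1 arg))))
           ((memq (intern-soft arg) my-nsm-levels)
            (setq level (intern arg)))
           (t
            (error "Unknown NSM setting in priority string: %s" arg))))))
    (list (mapconcat #'identity (nreverse keep) ":") level dh)))

;; The string from the quoted proposal, with `medium' standing in for
;; the out-of-the-box value of `network-security-level':
(my-nsm-split-priority "NORMAL:NSM(medium,dh=1024)" 'medium)

;; No NSM token: the priority string is returned unchanged and the
;; default level applies.
(my-nsm-split-priority "NORMAL" 'medium)
```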
