[Operators] Please enable Forward Secrecy for your servers!
mati at fsinf.at
Mon Jul 27 20:36:50 UTC 2015
I think we have a misunderstanding here:
On 2015-07-27 22:28, Patrick Beisler wrote:
> why not allow 2048 for now with the prerequisite that all server may
> move to 4096, if we can actually agree on it. Some people may also need
> to purchase new certs anyways, so at least they have a heads up.
> but that's just me.. I just had a 2048 last year before renewing and
> just so happened to do 4096. (as an example)
No one is trying to forbid 2048 bit certificates. I described 4096 bit
certs as "best practice". So when you get a new one, I think you should
get a 4096 bit cert ;-). My original post tried to get a momentum
towards ubiquitous Forward Secrecy, a different issue.
twitter: @mathiasertl | xing: Mathias Ertl | email: mati at er.tl
I only read plain-text mail! I prefer signed/encrypted mail!
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 6044 bytes
Desc: S/MIME Cryptographic Signature
More information about the Operators