[Operators] Please enable Forward Secrecy for your servers!

Patrick Beisler psjbeisler at gmail.com
Mon Jul 27 20:46:10 UTC 2015

I thought I saw some servers were already discriminating by cert size, mb.

On Mon, Jul 27, 2015 at 4:36 PM, Mathias Ertl <mati at fsinf.at> wrote:

> I think we have a misunderstanding here:
> On 2015-07-27 22:28, Patrick Beisler wrote:
> > why not allow 2048 for now with the prerequisite that all servers may
> > move to 4096, if we can actually agree on it. Some people may also need
> > to purchase new certs anyways, so at least they have a heads up.
> > but that's just me.. I just had a 2048 last year before renewing and
> > just so happened to do 4096. (as an example)
> No one is trying to forbid 2048 bit certificates. I described 4096 bit
> certs as "best practice". So when you get a new one, I think you should
> get a 4096 bit cert ;-). My original post tried to get a momentum
> towards ubiquitous Forward Secrecy, a different issue.
> greetings, Mati
> --
> twitter: @mathiasertl | xing: Mathias Ertl | email: mati at er.tl
> I only read plain-text mail!  I prefer signed/encrypted mail!

The Internet is changing, consider securing your messages with PGP.