[Freedombox-discuss] Freedombox CA

Keith keith at fernie.eu
Thu Sep 12 15:49:30 UTC 2013


While other paranoid options are possible, I did not intend this to be a
full list.

However, PFS is not being used enough; not all browsers support it, and it
is for browsers only, not, for example, TLS between mailservers.
Can't get it to work with Apache 2.2, the version in Debian Stable.

On Thu, 2013-09-12 at 15:26 +0200, Eugen Leitl wrote:
> On Thu, Sep 12, 2013 at 03:06:46PM +0100, Keith wrote:
> 
> > Possibly a paranoid option to rotate the ssl keys on the freedom box
> > running manually and/or as a cron job (Now doing this daily with one of
> > my mailservers).
> 
> What about insisting on strict PFS support of cryptosystems
> still assumed to be secure, not allowing for weaker
> fallbacks? 
> 
> What about use of shared secrets and symmetric cyphers,
> still assumed to be secure as alternative options?
> 
> What about one time pads, and periodic rekeying of 
> symmetric cyphers still assumed secure from one-time
> pads as alternative options?
> 
> What about mixing in multiple sources of entropy, and
> making sure that system is not starved of entropy when
> generating keys?