[Freedombox-discuss] Freedombox CA

Eugen Leitl eugen at leitl.org
Thu Sep 12 13:26:08 UTC 2013


On Thu, Sep 12, 2013 at 03:06:46PM +0100, Keith wrote:

> Possibly a paranoid option to rotate the ssl keys on the freedom box
> running manually and/or as a cron job (Now doing this daily with one of
> my mailservers).

What about insisting on strict PFS support of cryptosystems
still assumed to be secure, not allowing for weaker
fallbacks?

What about use of shared secrets and symmetric cyphers,
still assumed to be secure as alternative options?

What about one time pads, and periodic rekeying of 
symmetric cyphers still assumed secure from one-time
pads as alternative options?

What about mixing in multiple sources of entropy, and
making sure that system is not starved of entropy when
generating keys?
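
Added example, not part of the original message: one way to check the "strict PFS, no weaker fallbacks" idea from the first question, first against a list of OpenSSL cipher-suite names and then against a Python `ssl` server context. The sample suite list, the weak-token deny-list and all function names are constructed for illustration.

```python
import ssl

# Constructed sample of OpenSSL-style suite names (as printed by `openssl ciphers`).
SAMPLE_SUITES = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "DHE-RSA-AES128-GCM-SHA256",
    "AES256-SHA",              # static RSA key exchange: no forward secrecy
    "ECDHE-RSA-RC4-SHA",       # ephemeral key exchange, but RC4
    "ECDHE-RSA-DES-CBC3-SHA",  # ephemeral key exchange, but 3DES
    "TLS_AES_128_GCM_SHA256",  # TLS 1.3 suite
]
# Assumed deny-list of name tokens for primitives no longer considered secure.
WEAK_TOKENS = {"RC4", "DES", "MD5", "NULL", "EXP", "ADH", "AECDH"}

def classify(name):
    """Return 'ok', 'weak' or 'no-pfs' for one OpenSSL cipher-suite name."""
    if name.startswith("TLS_"):
        # TLS 1.3 names omit the key exchange; full handshakes use (EC)DHE.
        return "ok"
    tokens = name.upper().split("-")
    if WEAK_TOKENS & set(tokens):
        return "weak"
    return "ok" if tokens[0] in ("ECDHE", "DHE") else "no-pfs"

def audit(names):
    """Map each rejected suite to its reason; an empty dict means none slipped in."""
    verdicts = ((n, classify(n)) for n in names)
    return {n: v for n, v in verdicts if v != "ok"}

def strict_pfs_server_context():
    """Server context offering only ephemeral-DH AEAD suites, TLS 1.2 or newer."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # no protocol downgrade
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM")
    return ctx

def enabled_suites(ctx):
    """Names of the suites the context will actually offer."""
    return [c["name"] for c in ctx.get_ciphers()]

if __name__ == "__main__":
    print(audit(SAMPLE_SUITES))
    print(audit(enabled_suites(strict_pfs_server_context())))
```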