[Pkg-openssl-devel] Bug#747453: Florian and Kurt are right

Salz, Rich rsalz at akamai.com
Sat Apr 18 20:09:22 UTC 2015


Given the current state of the art, a 4K RSA is not a security flaw.  Maybe in the future it will be, but not now.  And it's not a serious flaw, because you are changing the source code on one side and expecting the other side to work without similar changes.

Saying "1-2 seconds is not a lot for the handshake" is naïve.  It is quite a lot if that server handles 1000 connections per second. :)

Changing OpenSSL so that the maximum keysize can be specified at run-time is a nice enhancement. It's not on anyone's plate at the moment, so if you have time a patch would be useful.

I understand the GNU philosophy of no arbitrary limits.  But keysize isn't the same thing as line-length, and other factors such as CPU cost must be considered.

I recommend you close this as WONTFIX.
--  
Senior Architect, Akamai Technologies
IM: richsalz at jabber.at Twitter: RichSalz


