Date: Thu, 28 Sep 2006 09:46:26 -0400
From: Bill Moran <wmoran@potentialtech.com>
To: Colin Percival <cperciva@freebsd.org>
Cc: freebsd security <freebsd-security@freebsd.org>, questions@freebsd.org
Subject: Re: Fw: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:23.openssl
Message-ID: <20060928094626.012b930c.wmoran@potentialtech.com>
In-Reply-To: <451BCF1E.2070609@freebsd.org>
References: <20060928092437.4a4923a7.wmoran@potentialtech.com> <451BCF1E.2070609@freebsd.org>
In response to Colin Percival <cperciva@freebsd.org>:

> Bill Moran wrote:
> > Can anyone define "exceptionally large" as noted in this statement?:
> >
> > "NOTE ALSO: The above patch reduces the functionality of libcrypto(3) by
> > prohibiting the use of exceptionally large public keys. It is believed
> > that no existing applications legitimately use such key lengths as would
> > be affected by this change."
> >
> > It would be nice if "exceptionally large" were replaced with "keys in
> > excess of x bits in size" or something. I don't expect that this will
> > affect me, but ambiguous statements like that make me uncomfortable.
>
> DH and DSA are limited to 10000 bits. RSA is limited to 16400 or 4112 bits
> depending upon whether the public exponent is less or more than 72 bits.
>
> I wouldn't have allowed this change into the security branches if I was not
> very very confident that no applications would be affected by this.
>
> Colin Percival

I'm not questioning your ability to make these decisions, Colin. Far, far
from it. I'm the type that is made uncomfortable by any statement that reads
_anything_ like "don't worry, we've taken care of it."

Take that email as two separate statements:

1) I'm curious as to exactly how big "exceptionally large" is.
2) I think this security advisory could be improved by including the answer
   to #1.

Thanks for the quick response, and all the work you do.

-- 
Bill Moran
Collaborative Fusion Inc.
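The limits Colin quotes, turned into a check an administrator can run over deployed public keys before applying the patch. This is an added example, not code from this thread, FreeBSD or OpenSSL: it parses a DER-encoded PKCS#1 RSAPublicKey, applies the quoted thresholds, and covers DH/DSA by prime size; the sample keys are constructed, and "more than 72 bits" is taken to mean an exponent of 73 bits or longer.

```python
# Constructed audit helper (not thread, FreeBSD or OpenSSL code); assumes "more than 72 bits" = 73+ bit exponent.
RSA_MAX_BITS_SMALL_EXP = 16400   # modulus limit quoted for exponent <= 72 bits
RSA_MAX_BITS_LARGE_EXP = 4112    # modulus limit quoted for exponent > 72 bits
RSA_LARGE_EXP_BITS = 72
DH_DSA_MAX_BITS = 10000          # quoted limit on the DH/DSA prime p

def _der_len(buf, pos):
    """Decode a DER length at buf[pos]; return (length, position after it)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def _der_len_enc(n):
    """Encode a DER length (only used to build the constructed sample keys)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _der_int(v):
    """Encode a positive int as a DER INTEGER (leading 0x00 when the high bit is set)."""
    body = v.to_bytes((v.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_len_enc(len(body)) + body

def make_rsa_public_key(n, e):
    """Build RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    body = _der_int(n) + _der_int(e)
    return b"\x30" + _der_len_enc(len(body)) + body

def parse_rsa_public_key(der):
    """Parse a PKCS#1 RSAPublicKey; return (n, e) as Python ints."""
    if der[0] != 0x30:
        raise ValueError("expected SEQUENCE")
    _, pos = _der_len(der, 1)
    values = []
    for _ in range(2):
        if der[pos] != 0x02:
            raise ValueError("expected INTEGER")
        length, pos = _der_len(der, pos + 1)
        values.append(int.from_bytes(der[pos:pos + length], "big", signed=True))
        pos += length
    return values[0], values[1]

def rsa_key_allowed(n, e):
    """True if a libcrypto with the quoted limits would still accept this RSA key."""
    limit = RSA_MAX_BITS_LARGE_EXP if e.bit_length() > RSA_LARGE_EXP_BITS else RSA_MAX_BITS_SMALL_EXP
    return n.bit_length() <= limit

def dh_dsa_key_allowed(p):
    """True if a DH or DSA prime of this size is within the quoted limit."""
    return p.bit_length() <= DH_DSA_MAX_BITS
```

To audit a real key, extract its RSAPublicKey DER (for example with `openssl rsa -pubin -RSAPublicKey_out -outform DER`) and feed the bytes to `parse_rsa_public_key` followed by `rsa_key_allowed`.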