[gnutls-devel] GnuTLS | certtool --sec-param high generates a smaller key than expected (#1320)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri Feb 11 07:21:40 CET 2022




Daniel Lublin commented:


Thanks all for your input. To both suggest the use of sec-param, and at the same time advise against passing too few bits, we could do like this:

If bits **<** "medium" (currently 2048), then say:

`"'--bits N' are on the low side, you are suggested to use (at least) '--sec-param medium' instead"`

(Could also suggest sec-param medium if exactly medium number of bits passed.)

If bits **<=** "high" (3072), then say:

`"You are suggested to use '--sec-param high' instead of '--bits N'"`

If bits are larger, we don't suggest anything, assuming that user prefers bits and knows what they are doing.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1320#note_839424126

