<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<p style="color: #777777;">
<a href="https://gitlab.com/dkg">Daniel Kahn Gillmor</a>
<a href="https://gitlab.com/gnutls/gnutls/-/issues/1231#note_590435000">commented</a>:
</p>
<div style="">
<p dir="auto">Regarding whether "bits" is supposed to be "symmetric-equivalent" or an actual representation in bits: A 2048-bit RSA key is reported as having 2048 bits, and the table of in <code>lib/algorithms/secparams.c</code> maps the different number of "bits" in different classes of algorithm to different security levels. So "bits" is about the underlying representation, not the "symmetric equivalence".</p>
<p dir="auto">It might be a bit confusing to the uninitiated reader that the "Key Security Level" informative line includes both an assessment/judgement/label (e.g., "high") and a context-dependent bit length. It's a bit strange to see <code>Ultra (384 bits)</code> in one sample and <code>Low (1024 bits)</code> in the next. (this could happen if the first is ECC and the second is RSA, for example). But, i'm not sure how to best fix the confusion -- as long as it shows up next to the <code>Public Key Algorithm</code> line, that does give it a bit of the context needed. So i guess this bug report should focus on just resolving the 57-vs-56 distinction.</p>
<p dir="auto">Weird that X448 is fine with <code>.size = 56</code> while Ed448 is not! i'd expect at least a bit of commentary in the code there for why these sizes are different.</p>
</div>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #666;">
—
<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/-/issues/1231#note_590435000">view it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
<a href="https://gitlab.com/-/sent_notifications/ce0c0ca71847c8d50f21422924028239/unsubscribe">unsubscribe</a>
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/-/issues/1231#note_590435000"}}</script>
</p>
</div>
</body>
</html>