<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<p style="color: #777777;">
<a href="https://gitlab.com/quite">Daniel Lublin</a>
<a href="https://gitlab.com/gnutls/gnutls/-/issues/1320#note_838307540">commented</a>:
</p>
<div style="">
<p dir="auto">I read the code in <code>src/certtool-common.c</code> and <code>lib/algorithms/secparams.c</code>.</p>
<p dir="auto">The functions used to find and (based on passed bits) suggest a named sec-param classify <code>3072 &gt;= bits &lt; 8192</code> as "High". But "High" is precisely 3072 bits when passed as sec-param. So the user passed 4096 bits, but is suggested to pass something which gives 3072 bits instead. That's really not helpful.</p>
<p dir="auto">One could imagine trying to make the suggestion better, adding more complexity to this code. But what should it do -- avoid suggesting a sec-param if passed bits is "well above" a particular sec-param? Or suggest the next higher sec-param? Which in this case would be "Ultra" at 8192 bits.</p>
<p dir="auto">I really don't know anything about the rationale behind sec-param. Perhaps the suggestion of "High" here is by design. But my gut feeling says different. Rather than making this more complex, I'd vote for removing the suggestion altogether (or perhaps reverting to the previous version, which just suggested that --sec-param be used instead of --bits).</p>
<p dir="auto">Pinging <a href="https://gitlab.com/nmav" data-user="105950" data-reference-type="user" data-container="body" data-placement="top" class="gfm gfm-project_member js-user-link" title="Nikos Mavrogiannopoulos">@nmav</a>, who touched this code last.</p>
</div>
</div>
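<p>The mismatch described in the comment above, as an added example that is not GnuTLS code and not part of the original comment: a simplified model of a bits-to-level lookup showing that a request for 4096 bits is mapped to a level that yields 3072. The struct, the function names and the two-entry table (only the "High" and "Ultra" sizes stated in the comment) are assumptions made for illustration.</p>

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model, not GnuTLS source. Only the two levels named in the
 * comment are listed, with the sizes stated there, in ascending order. */
struct level { const char *name; unsigned bits; };
static const struct level levels[] = { { "High", 3072 }, { "Ultra", 8192 } };
#define NLEVELS (sizeof(levels) / sizeof(levels[0]))

/* Behaviour described in the comment: highest level whose size does not
 * exceed the requested bits (NULL if the request is below every level). */
const struct level *suggest_floor(unsigned bits)
{
    const struct level *best = NULL;
    for (size_t i = 0; i < NLEVELS; i++)
        if (levels[i].bits <= bits)
            best = &levels[i];
    return best;
}

/* Option A (assumed reading of "avoid suggesting"): only suggest a level
 * that reproduces the requested size exactly. */
const struct level *suggest_exact(unsigned bits)
{
    const struct level *l = suggest_floor(bits);
    return (l != NULL && l->bits == bits) ? l : NULL;
}

/* Option B: suggest the next higher level, never a smaller key. */
const struct level *suggest_ceiling(unsigned bits)
{
    for (size_t i = 0; i < NLEVELS; i++)
        if (levels[i].bits >= bits)
            return &levels[i];
    return NULL;
}

int main(void)
{
    unsigned requested = 4096; /* the value from the issue */
    const struct level *f = suggest_floor(requested);
    const struct level *e = suggest_exact(requested);
    const struct level *c = suggest_ceiling(requested);
    printf("floor:   %s (%u bits)\n", f ? f->name : "none", f ? f->bits : 0);
    printf("exact:   %s\n", e ? e->name : "none");
    printf("ceiling: %s (%u bits)\n", c ? c->name : "none", c ? c->bits : 0);
    return 0;
}
```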
</body>
</html>