[Help-gnutls] Re: Previous bug in Debian regarding entropy Gnu-TLS, Exim-4.60, 2.4 kernel
Florian Weimer
fweimer at bfk.de
Wed Jul 12 12:51:15 CEST 2006

* Nikos Mavrogiannopoulos:

>> I would be surprised if RSA_EXPORT support is needed at all. I don't
>> see it in my mail server logs, and don't you need a special server
>> certificate to enable it anyway?
>
> The only requirement is for the server certificate to be able to be used
> for signing.

I don't think this is correct; the certificate issuer must come from
certain well-known CAs which allow upgrading to a better security
level. If you don't need interoperability with crippled clients,
you'd use RSA instead of RSA_EXPORT in the first place.

> Indeed. But in the versions of Linux used, they depleted the same pool,
> thus again /dev/random was blocked.

But on a typical GNU/Linux system, no periodic tasks read from
/dev/random, so it doesn't matter if the pool has been depleted or
not. And the process which generates the key parameters for Exim
would not block, either.

--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Durlacher Allee 47 tel: +49-721-96201-1
D-76131 Karlsruhe fax: +49-721-96201-99