Fw: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:23.openssl

Bill Moran wmoran at potentialtech.com
Thu Sep 28 06:46:28 PDT 2006


In response to Colin Percival <cperciva at freebsd.org>:

> Bill Moran wrote:
> > Can anyone define "exceptionally large" as noted in this statement?:
> > 
> > "NOTE ALSO: The above patch reduces the functionality of libcrypto(3) by
> > prohibiting the use of exceptionally large public keys.  It is believed
> > that no existing applications legitimately use such key lengths as would
> > be affected by this change."
> > 
> > It would be nice if "exceptionally large" were replaced with "keys in
> > excess of x bits in size" or something.  I don't expect that this will
> > affect me, but ambiguous statements like that make me uncomfortable.
> 
> DH and DSA are limited to 10000 bits.  RSA is limited to 16400 or 4112 bits
> depending upon whether the public exponent is less or more than 72 bits.
> 
> I wouldn't have allowed this change into the security branches if I was not
> very very confident that no applications would be affected by this.
> 
> Colin Percival

I'm not questioning your ability to make these decisions, Colin.
Far, far from it.

I'm the type that is made uncomfortable by any statement that reads
_anything_ like "don't worry, we've taken care of it."

Take that email as two separate statements:
1) I'm curious as to exactly how big "exceptionally large" is.
2) I think this security advisory could be improved by including the
   answer to #1.

Thanks for the quick response, and all the work you do.

-- 
Bill Moran
Collaborative Fusion Inc.
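As an added illustration of the size gate Colin describes above (this is example code, not part of the original thread and not the FreeBSD or OpenSSL patch, which lives in C inside libcrypto), the Python sketch below encodes the quoted limits as a check and gives a rough estimate of why an oversized key matters: the verifier-side public-key operation m^e mod n grows with both the modulus and the exponent, so an attacker-supplied key can make the recipient burn CPU out of all proportion to the attacker's effort. Python is used because its built-in integers make the modular exponentiation runnable without any library. Assumptions not stated in the thread: the limits are treated as inclusive, an exponent of exactly 72 bits counts as "small", the sample keys are constructed (n is just a large odd number, not a real modulus), and the cost model is a crude square-and-multiply estimate, useful only as a ratio between two keys.

```python
"""Added example: the 'exceptionally large public key' gate from the thread.

Illustrative code, not the FreeBSD/OpenSSL patch.  The limits (10000 bits
for DH/DSA; 16400 or 4112 bits for RSA depending on whether the public
exponent is at most 72 bits) are the figures quoted in the thread.
Assumed here: limits are inclusive, an exponent of exactly 72 bits counts
as small, and modexp_cost() is only a rough relative estimate.
"""
import time

DH_DSA_MAX_MODULUS_BITS = 10000    # DH and DSA limit quoted in the thread
RSA_MAX_MODULUS_BITS = 16400       # RSA limit when the public exponent is small
RSA_MAX_MODULUS_BITS_BIG_E = 4112  # RSA limit when the public exponent is large
RSA_SMALL_EXPONENT_BITS = 72       # boundary between the two RSA limits (assumed inclusive)


def public_key_allowed(kind, modulus_bits, exponent_bits=None):
    """Return True if a key of this type and size passes the size gate."""
    kind = kind.upper()
    if kind in ("DH", "DSA"):
        return modulus_bits <= DH_DSA_MAX_MODULUS_BITS
    if kind == "RSA":
        if exponent_bits is None:
            raise ValueError("RSA check needs the size of the public exponent")
        if exponent_bits <= RSA_SMALL_EXPONENT_BITS:
            return modulus_bits <= RSA_MAX_MODULUS_BITS
        return modulus_bits <= RSA_MAX_MODULUS_BITS_BIG_E
    raise ValueError("unknown key type: %r" % kind)


def rsa_public_key_allowed(n, e):
    """The same gate applied to actual RSA public-key integers (n, e)."""
    return public_key_allowed("RSA", n.bit_length(), e.bit_length())


def modexp_cost(modulus_bits, exponent_bits):
    """Rough relative cost of one public-key operation m^e mod n.

    Square-and-multiply performs about exponent_bits squarings plus, on
    average, exponent_bits/2 multiplications; each modular multiplication of
    modulus_bits-sized numbers is counted as modulus_bits**2 (schoolbook).
    Only the ratio between two keys is meaningful.
    """
    modular_mults = exponent_bits + exponent_bits // 2
    return modular_mults * modulus_bits * modulus_bits


def rsa_public_op(m, e, n):
    """The verifier-side operation an attacker-supplied key forces on us."""
    return pow(m, e, n)


# Constructed sample keys (not real keys; n need not be a valid RSA modulus
# for the verifier to be forced into the expensive computation).
NORMAL_N = (1 << 2047) | 1        # 2048-bit odd "modulus"
NORMAL_E = 65537                  # 17-bit exponent
PARASITIC_N = (1 << 16399) | 1    # 16400-bit odd "modulus"
PARASITIC_E = (1 << 16399) | 1    # 16400-bit exponent, far beyond 72 bits


def cost_ratio():
    """Estimated cost of the parasitic key relative to the normal one."""
    return (modexp_cost(PARASITIC_N.bit_length(), PARASITIC_E.bit_length())
            // modexp_cost(NORMAL_N.bit_length(), NORMAL_E.bit_length()))


if __name__ == "__main__":
    for name, n, e in (("normal", NORMAL_N, NORMAL_E),
                       ("parasitic", PARASITIC_N, PARASITIC_E)):
        allowed = rsa_public_key_allowed(n, e)
        start = time.perf_counter()
        rsa_public_op(12345, e, n)   # done unconditionally here to show the cost
        elapsed = time.perf_counter() - start
        print("%-9s n=%5d bits  e=%5d bits  allowed=%-5s  pow() took %.3fs"
              % (name, n.bit_length(), e.bit_length(), allowed, elapsed))
    print("estimated cost ratio parasitic/normal: %d" % cost_ratio())
```

Running the script shows the parasitic key rejected by the gate while the normal one passes, and the timed pow() call makes the point of the advisory concrete: a real implementation must apply the check before the public-key operation, not after, since the whole cost is in the operation itself.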


More information about the freebsd-security mailing list