Opened at 2012-09-04T23:47:17Z
Closed at 2015-04-21T23:51:27Z
#1801 closed defect (fixed)
are 1024-bit foolscap keys long enough?
Reported by: | davidsarah | Owned by: | warner |
---|---|---|---|
Priority: | major | Milestone: | 1.10.1 |
Component: | code-network | Version: | 1.9.2 |
Keywords: | foolscap security | Cc: | elb |
Launchpad Bug: |
Description (last modified by warner)
elb: while I'm active here, let me mention something else that bothers me ... it appears that the ssl keys used to protect tahoe's foolscap transport are rather strictly limited to 1024-bit self-signed keys
elb: and that appears to be decided within foolscap
elb: it would be kind of nice to be able to use a) longer, and b) signed keys
Note that this doesn't affect Tahoe's confidentiality and integrity guarantees for files; it affects things like confidentiality of write enablers, which is (only) a denial-of-service issue.
Change History (4)
comment:1 Changed at 2012-09-05T00:21:45Z by davidsarah
comment:2 Changed at 2012-11-25T01:43:29Z by davidsarah
Would be fixed by http://foolscap.lothar.com/trac/ticket/141.
comment:3 Changed at 2012-11-25T01:44:24Z by davidsarah
- Owner set to warner
- Priority changed from normal to major
comment:4 Changed at 2015-04-21T23:51:27Z by warner
- Description modified (diff)
- Milestone changed from undecided to 1.10.1
- Resolution set to fixed
- Status changed from new to closed
http://foolscap.lothar.com/trac/ticket/141 was closed with the release of foolscap-0.8.0, which creates 2048-bit certificates, so I'm closing this one out.
Note that this ticket is not about signed keys, only about key length. Signed foolscap keys wouldn't really fit with foolscap's authentication model, although for Tahoe, grid membership controls are in the scope of the accounting work.