In response to Colin Percival <cperciva@freebsd.org>:
> Bill Moran wrote:
> > Can anyone define "exceptionally large" as noted in this statement?:
> >
> > "NOTE ALSO: The above patch reduces the functionality of libcrypto(3) by
> > prohibiting the use of exceptionally large public keys. It is believed
> > that no existing applications legitimately use such key lengths as would
> > be affected by this change."
> >
> > It would be nice if "exceptionally large" were replaced with "keys in
> > excess of x bits in size" or something. I don't expect that this will
> > affect me, but ambiguous statements like that make me uncomfortable.
>
> DH and DSA are limited to 10000 bits. RSA is limited to 16400 or 4112 bits
> depending upon whether the public exponent is less or more than 72 bits.
>
> I wouldn't have allowed this change into the security branches if I was not
> very very confident that no applications would be affected by this.
>
> Colin Percival
I'm not questioning your ability to make these decisions, Colin.
Far, far from it.
I'm the type that is made uncomfortable by any statement that reads
_anything_ like "don't worry, we've taken care of it."
Take that email as two separate statements:
1) I'm curious as to exactly how big "exceptionally large" is.
2) I think this security advisory could be improved by including the
answer to #1.
Thanks for the quick response, and all the work you do.
--
Bill Moran
Collaborative Fusion Inc.
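The RSA limits Colin quotes, applied as a pre-check on a public key before it is handed to libcrypto. This is an added example, not code from the thread, from FreeBSD or from OpenSSL; the PKCS#1 RSAPublicKey encoder and parser, the function names and the treatment of an exactly 72-bit exponent are assumptions.

```python
RSA_MAX_BITS = 16400         # RSA limit when the public exponent is under 72 bits
RSA_SMALL_MAX_BITS = 4112    # RSA limit for larger public exponents
RSA_EXP_THRESHOLD_BITS = 72  # assumption: an exactly 72-bit exponent counts as "more"

def _encode_len(n: int) -> bytes:
    # DER length field: short form below 128, long form otherwise
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _decode_len(data: bytes, pos: int):
    # returns (length, index just past the length field)
    first = data[pos]
    if first < 0x80:
        return first, pos + 1
    count = first & 0x7F
    return int.from_bytes(data[pos + 1:pos + 1 + count], "big"), pos + 1 + count

def encode_rsa_public_key(n: int, e: int) -> bytes:
    # hypothetical helper used only to construct sample keys:
    # RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }
    def der_int(v: int) -> bytes:
        body = v.to_bytes(v.bit_length() // 8 + 1, "big")  # extra byte keeps the sign positive
        return b"\x02" + _encode_len(len(body)) + body
    content = der_int(n) + der_int(e)
    return b"\x30" + _encode_len(len(content)) + content

def parse_rsa_public_key(der: bytes):
    # minimal parser for a PKCS#1 RSAPublicKey; returns (n, e)
    if not der or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, pos = _decode_len(der, 1)
    values = []
    for _ in range(2):
        if der[pos] != 0x02:
            raise ValueError("expected INTEGER")
        length, pos = _decode_len(der, pos + 1)
        values.append(int.from_bytes(der[pos:pos + length], "big"))
        pos += length
    return values[0], values[1]

def rsa_key_allowed(n: int, e: int) -> bool:
    # the RSA limits as Colin states them in the thread
    limit = RSA_MAX_BITS if e.bit_length() < RSA_EXP_THRESHOLD_BITS else RSA_SMALL_MAX_BITS
    return n.bit_length() <= limit

def rsa_der_allowed(der: bytes) -> bool:
    # reject an oversized key before it ever reaches libcrypto
    n, e = parse_rsa_public_key(der)
    return rsa_key_allowed(n, e)
```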
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"