[Ach] Certificate Recommendations

Adi Kriegisch adi at kriegisch.at
Mon Jan 27 10:51:15 CET 2014


> I just needed to generate a certificate for my webserver. I thought, I  
> will check the bettercrypto paper to get recommendations for the key  
> length and other important parameters - but I failed. At least in the  
> "PKI" section I had hopped to get this recommendations. So, either such  
> recommendations are well hidden, or missing.
Oh well, you're right: There is no single point to get those information
out of the paper... (I'll add that to my list).
There is the keylength section saying that we go with the Ecrypt II paper
in recommending 3248bit (or more). And somewhere there is a section about
Random Number Generators that states that you should have enough entropy
available when eg. generating certificates...
Hope, that helps you for the moment and thanks for that remark as it will
help us in improving that paper!

-- Adi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 827 bytes
Desc: Digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20140127/ddcc825a/attachment.sig>

More information about the Ach mailing list