Hi,
I generally like the idea. However, I am not sure if anyone will know how to use this. Do all OSes support 12k RSA keys? Or should we rather not make this decision for our users and pick the best that works for everyone?
-Michael
On Fri, 2017-10-13 at 16:41 +0200, ummeegge wrote:
Hi Michael, thank you too for merging. Have think about to introduce with this patch also a choice (flip menus) for ROOT and HOST CA key lengths if a new PKI is generated. To use the new -- remote-cert-tls there is anyways the need to generate a new PKI so it might be possibly nice to have then also a possibility to select keylengths of IPFires certificates ? A possible solution can looks like this --> https://forum.ipfire.org/viewtopic .php?f=50&t=18852&start=15#p108795 so the ROOT CA are provided with 4096, 6144, 8192, 12288 and the HOST CA with 2048, 4096, 6144, 8192, 12288 bits . Did some testings with that whereby 12288 are the maximum made also tests with 16384 but this was too much for generating but also for usage.
As an extended idea.
Greetings,
Erik
Thank you very much. Merged.
On Fri, 2017-10-06 at 15:19 +0200, ummeegge wrote:
Hi all, reference and testings can be found in here --> https://forum.ipfire.org/v iewt opic.php?f=50&t=18852 .
Greetings,
Erik