Re: How to setup certs for https access for Fedora 42?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Aren’t longer keys more effective than changing them often?
Especially as a Chinese team of researchers stated that they have broken a RSA-2048 private key?


From: "George N. White III" <gnwiii@xxxxxxxxx>
Date: Wednesday, 28 May 2025 at 1:21:59 pm
To: "Community support for Fedora users" <users@xxxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: How to setup certs for https access for Fedora 42?

On Mon, May 26, 2025 at 9:25 AM Tim via users <users@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
Samuel Sieb:
> > If you want a recognized certificate, you either have to buy one or you
> > can use certbot to get a free one from https://letsencrypt.org/.  You
> > need to remember to renew it regularly.  I think they're valid for 3
> > months at a time.  That's what I use.

Patrick O'Callaghan:
> IIRC it's now down to 14 days, but certbot takes care of it
> automatically.

Why so short?

One of the concerns is bad actors storing encrypted data until new methods (quantum?) allow
them to decrypt the data.   Changing keys more often multiplies the effort needed to get all the 
data, which is a good thing.

--
George N. White III


Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages. 
-- 
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux