From: Colin Percival
Date: Thu, 28 Sep 2006 06:33:18 -0700
To: Bill Moran
Cc: freebsd security, questions@freebsd.org
Subject: Re: Fw: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:23.openssl
Message-id: <451BCF1E.2070609@freebsd.org>
In-reply-to: <20060928092437.4a4923a7.wmoran@potentialtech.com>

Bill Moran wrote:
> Can anyone define "exceptionally large" as noted in this statement?:
>
> "NOTE ALSO: The above patch reduces the functionality of libcrypto(3) by
> prohibiting the use of exceptionally large public keys. It is believed
> that no existing applications legitimately use such key lengths as would
> be affected by this change."
>
> It would be nice if "exceptionally large" were replaced with "keys in
> excess of x bits in size" or something. I don't expect that this will
> affect me, but ambiguous statements like that make me uncomfortable.

DH and DSA are limited to 10000 bits. RSA is limited to 16400 or 4112
bits depending upon whether the public exponent is less or more than 72
bits.

I wouldn't have allowed this change into the security branches if I was
not very very confident that no applications would be affected by this.

Colin Percival
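
An added example (not part of the message, and not FreeBSD or OpenSSL code): a stdlib-only Python check that reads a DER-encoded PKCS#1 RSAPublicKey and tests it against the limits quoted in the reply above. It assumes a key is affected only when strictly over a limit and that an exponent of exactly 72 bits counts as small; the function names are hypothetical and the sample keys are constructed integers, not real keys.

```python
# Added example: the limits are the figures quoted in the reply above.
DH_DSA_MAX_BITS = 10000
RSA_MAX_BITS = 16400            # public exponent under 72 bits
RSA_MAX_BITS_BIG_EXP = 4112     # public exponent over 72 bits
RSA_EXP_SPLIT_BITS = 72         # exactly 72 treated as "small": an assumption
# Assumption: "limited to N bits" means only keys strictly larger than N fail.

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = length-of-length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def rsa_public_key_bits(der_bytes):
    """Bit lengths (modulus, exponent) of a PKCS#1 RSAPublicKey in DER."""
    tag, body, _ = read_tlv(der_bytes, 0)
    tag_n, n_raw, pos = read_tlv(body, 0)
    tag_e, e_raw, _ = read_tlv(body, pos)
    if (tag, tag_n, tag_e) != (0x30, 0x02, 0x02):
        raise ValueError("not SEQUENCE { INTEGER, INTEGER }")
    return (int.from_bytes(n_raw, "big").bit_length(),
            int.from_bytes(e_raw, "big").bit_length())

def rsa_affected(mod_bits, exp_bits):
    """True if the modulus exceeds the limit that applies to its exponent size."""
    limit = RSA_MAX_BITS if exp_bits <= RSA_EXP_SPLIT_BITS else RSA_MAX_BITS_BIG_EXP
    return mod_bits > limit

def dh_dsa_affected(prime_bits):
    return prime_bits > DH_DSA_MAX_BITS

def der(tag, value):
    """Encode one DER element (used only to build the constructed samples)."""
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def sample_rsa_der(mod_bits, e):
    """Constructed input, not a real key: an odd mod_bits-bit integer as n."""
    ints = [(1 << (mod_bits - 1)) | 1, e]
    return der(0x30, b"".join(der(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big")) for x in ints))
```

Feeding it the RSAPublicKey bytes of each key in an inventory shows which ones, if any, fall in the range the patch rejects.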