From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.0 required=5.0 tests=T_SCC_BODY_TEXT_LINE
	autolearn=ham autolearn_force=no version=3.4.4
Received: (qmail 14785 invoked from network); 26 Nov 2023 17:09:16 -0000
Received: from 9front.inri.net (168.235.81.73)
  by inbox.vuxu.org with ESMTPUTF8; 26 Nov 2023 17:09:16 -0000
Received: from duke.felloff.net ([216.126.196.34]) by 9front; Sun Nov 26 12:06:22 -0500 2023
Message-ID: <DF895FAA338BB5378709A413921F5792@felloff.net>
Date: Sun, 26 Nov 2023 18:06:12 +0100
From: cinap_lenrek@felloff.net
To: 9front@9front.org
In-Reply-To: <fd0cf878-4ca2-454a-bd93-b4236f09e598@bolddaemon.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
List-ID: <9front.9front.org>
List-Help: <http://lists.9front.org>
X-Glyph: ➈
X-Bullshit: leveraged managed callback storage module 
Subject: Re: [9front] auth/rsagen: bump bits to 4096
Reply-To: 9front@9front.org
Precedence: bulk

> My reasoning is basically since we don't have alternative key types 
> (ed25519, ecdsa) for general usage / ssh, bump the default to the
> highest available.

and if we had elliptic curve kex in ssh then you would keep the
default alone? what kind of logic is that?

rsa is also not just used for ssh, there might be implementations
out there that wont support rsa keys bigger than 2048 bits...

have you considered the impact at all?

whats the connecition establishment time with 2048 vs 4096 bit
rsa keys?

please do the homework.

--
cinap