From: Aaron Bieber
Date: Sun, 26 Nov 2023 12:15:12 -0700
To: 9front@9front.org
Subject: Re: [9front] auth/rsagen: bump bits to 4096

On 11/26/23 10:06, cinap_lenrek@felloff.net wrote:
>> My reasoning is basically since we don't have alternative key types
>> (ed25519, ecdsa) for general usage / ssh, bump the default to the
>> highest available.
> and if we had elliptic curve kex in ssh then you would keep the
> default alone? what kind of logic is that?

It's some logic you just made up :P - I never said I wouldn't propose
changing it if we had EC kex.
I probably would have not picked 4096 though.

>
> rsa is also not just used for ssh, there might be implementations
> out there that won't support rsa keys bigger than 2048 bits...
>
> have you considered the impact at all?

I have, and my thoughts are if those things need smaller key sizes, they
can generate them.

> what's the connection establishment time with 2048 vs 4096 bit
> rsa keys?
>
> please do the homework.

I haven't hit any issues - and I am on some pretty shitty internet. I
haven't tested extensively though. That said, IMO if people need speed
they can still generate smaller keys...

> --
> cinap