Update for 12-01-22 00:45
parent d4e4b26b3b
commit 5d1e36f924
@ -67,3 +67,13 @@ This is the CIA list of dos and donts.
* DONOT assume free versions of PSP is the same as retail PSP. Test on all
versions in a sandbox
* DO test PSPs with recently live internet connections when possible
== Encryption ==
* Key exchange *must* be performed via Diffie-Hellman, Eliptic Curve
Diffie-Helmen, or RSA.
- ECDH, the prime must be 256 bits
- DH and RSA primes must be *at least* 2048 bits
- DH and ECDH is prefered for perfect forward security
* Authentication *must* be done with TLS 1.2, Elliptic curve DSA, DSA, or RSA
- Asymmetric keys *must* be at least 2048 bits (Elliptic curve, 256 bits)
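Review bot: The size rules in the new Encryption section are ambiguous in two places. "DH and RSA primes must be *at least* 2048 bits" reads oddly for RSA, where the 2048-bit figure normally refers to the modulus and each prime is half that length; wording it as "DH prime and RSA modulus" would match the later "Asymmetric keys *must* be at least 2048 bits" line. The ECDH line says the prime "must be 256 bits" while the other lines say "at least", so state whether larger curves are acceptable or whether exactly 256 bits is intended. The authentication bullet lists TLS 1.2, which is a protocol, alongside the signature algorithms ECDSA, DSA and RSA; splitting it into a protocol requirement and a signature-algorithm requirement would make it checkable. The key exchange bullet permits RSA while the sub-item prefers DH and ECDH for forward secrecy, so it is worth saying when RSA key exchange is allowed. Spelling: "Eliptic", "Diffie-Helmen" and "prefered" need fixing, "DH and ECDH is" should be "are", and "perfect forward security" is normally written "perfect forward secrecy".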