Update for 12-01-22 00:45

2022-01-12 00:45:01 -05:00 · 2022-01-12 00:45:01 -05:00 · 5d1e36f924
commit 5d1e36f924
parent d4e4b26b3b
1 changed files with 10 additions and 0 deletions
--- a/tech/cia-do-dont.wiki
+++ b/tech/cia-do-dont.wiki
@ -67,3 +67,13 @@ This is the CIA list of dos and donts.
 * DONOT assume free versions of PSP is the same as retail PSP. Test on all
  versions in a sandbox
 * DO test PSPs with recently live internet connections when possible
+
+== Encryption ==
+
+* Key exchange *must* be performed via Diffie-Hellman, Eliptic Curve
+  Diffie-Helmen, or RSA.
+  - ECDH, the prime must be 256 bits
+  - DH and RSA primes must be *at least* 2048 bits
+  - DH and ECDH is prefered for perfect forward security
+* Authentication *must* be done with TLS 1.2, Elliptic curve DSA, DSA, or RSA 
+  - Asymmetric keys *must* be at least 2048 bits (Elliptic curve, 256 bits)