Enforcement of a system-wide crypto policy

Nikos Mavrogiannopoulos

Playlists: 'osc16' videos starting here / audio / related events

Currently each and every shipped application in distributions enforces its own policy on the allowed cryptographic algorithms/protocols. While for some this is a desirable property, for most non-UI applications and libraries in an operating system it creates an uncertainty on the available security level. The purpose of this talk is to describe the approach we've taken in Fedora to counter the issue, by enforcing system-wide policies, discuss the current outcome, lessons learned, and invite OpenSuse maintainers to participate.

URLs: https://fedoraproject.org/wiki/Changes/CryptoPolicy