fix openvpn easy-rsa wording. It was an example, not a definitive number. Thx riepl...

author Aaron Kaplan <aaron@lo-res.org>

Thu, 2 Jan 2014 13:35:06 +0000 (14:35 +0100)

committer Aaron Kaplan <aaron@lo-res.org>

Thu, 2 Jan 2014 13:35:06 +0000 (14:35 +0100)
author Aaron Kaplan <aaron@lo-res.org>
Thu, 2 Jan 2014 13:35:06 +0000 (14:35 +0100)
committer Aaron Kaplan <aaron@lo-res.org>
Thu, 2 Jan 2014 13:35:06 +0000 (14:35 +0100)
diff --git a/src/practical_settings/vpn.tex b/src/practical_settings/vpn.tex

index 2a55009..4e854df 100644 (file)
--- a/src/practical_settings/vpn.tex
+++ b/src/practical_settings/vpn.tex
@@ -343,8 +343,8 @@ export CA_EXPIRE=1826
  \end{lstlisting}
  
  This will enhance the security of the key generation by using RSA keys
-with a length of 2048 bits, and set a lifetime of one year for the
-server/client certificates and five years for the CA certificate.
+with a length of 4096 bits, and set a lifetime of one year for the
+server/client certificates and five years for the CA certificate. \textbf{NOTE: 4096 bits is only an example of how to do this with easy-rsa.} See also section \ref{section:keylengths} for a discussion on keylengths.
  
  In addition, edit the \verb|pkitool| script and replace all occurences
  of \verb|sha1| with \verb|sha256|, to sign the certificates with
author	Aaron Kaplan <aaron@lo-res.org>
	Thu, 2 Jan 2014 13:35:06 +0000 (14:35 +0100)
committer	Aaron Kaplan <aaron@lo-res.org>
	Thu, 2 Jan 2014 13:35:06 +0000 (14:35 +0100)