[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Regrouping for IPSEC WORKING GROUP LAST CALL
Ted's assessment makes sense to me.
At a finer level of detail, if EC group definitions remain at this
stage, I believe that current text in isakmp-oakley-06 appears
self-inconsistent about the level of the groups' optionality and
probably needs some adjustment or clarification: section 4 states
generally that "ECP and EC2N groups MAY be supported", but sections 6.3
and 6.4 describe the particular cited groups as SHOULDs.
--jl
> ----------
> From: Theodore Y. Ts'o[SMTP:tytso@MIT.EDU]
> Sent: Friday, February 20, 1998 11:40 PM
> To: Paul Lambert
> Cc: ho@earth.hpc.org; ipsec@tis.com
> Subject: Re: Regrouping for IPSEC WORKING GROUP LAST CALL
>
> Question to the working group:
>
> Should we remove the EC groups altogether and defer these issues to
> IPSECOND?
>
> I am certainly not an expert in this field, but my understanding is
> that
> each EC group can have radically different properties of speed,
> security, and patent encumberances (if you want to do computations in
> that group efficiently). Hence, it is not as simple as picking some
> an
> RSA key length, where a bigger RSA key is better than a shorter length
> RSA key.
>
> It's not clear to we that we can do justice to all of these complex
> and
> inter-related issues during the working group last call. Sounds to me
> like we might want to defer this issue. What do others think?
>
> - Ted
>