[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard

To: Lewis McCarthy <lmccarth@cs.umass.edu>
Subject: Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
From: Tero Kivinen <kivinen@ssh.fi>
Date: Thu, 9 Apr 1998 11:26:26 +0300 (EET DST)
Cc: The IESG <iesg@ietf.org>, IP Security List <ipsec@tis.com>
In-Reply-To: <352AEAFC.167E@cs.umass.edu>
Organization: SSH Communications Security Oy
References: <199803202008.PAA28002@ns.ietf.org><352AEAFC.167E@cs.umass.edu>
Sender: owner-ipsec@ex.tis.com

Lewis McCarthy writes:
> [1] As Matt Thomas observed, IKE does not specify what action should be taken
> in the "original" Encryption Mode of authentication in the event that the
> ID payload exceeds the maximum data size for PKCS #1 encryption with the
> peer's public RSA key.

Note, that also the revised RSA encryption mode of authentication has
this problem. The nonce size can be up to 256 bytes so you need bigger
than 2048+padding RSA bit key to encrypt that. I think in the revised
rsa encryption mode we should just say that the nonce size used must
be such that it can be encrypted using single rsa encryption
operation.
-- 
kivinen@iki.fi                               Work : +358-9-4354 3207
Magnus Enckellin kuja 9 K 19, 02610, Espoo   Home : +358-9-502 1573

References:

Last Call: Security Architecture for the Internet Protocol to Proposed Standard

From: The IESG <iesg-secretary@ns.ietf.org>

Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard

From: Lewis McCarthy <lmccarth@cs.umass.edu>

Prev by Date: What is meant by routing header ?
Next by Date: public key cryptography on ISAKMP
Prev by thread: Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
Next by thread: Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
Index(es):
- Main
- Thread