[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Interoperability (was: Death to AH?)

To: Paul Koning <pkoning@xedia.com>
Subject: Re: Interoperability (was: Death to AH?)
From: "John Harleman" <jharleman@certicom.com>
Date: Wed, 7 Jun 2000 22:02:07 -0700
cc: dharkins@cips.nokia.com, ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

Hi Paul:

Excuse my delay, but what do you think of the IPSec-AES draft and the key
strenghts that were accepted into ANSI? As far as comparisons, with any cipher
they are made by evaluating the time to crack using the best known attacks
today. Provided that the cipher has undergone sufficient standards scrutiny such
as all of the FIPS standards--DES, DSA, RSA, and ECC, I believe that these are
valid. There will always be some disention around the edges, but isn't it better
to use the yardstick that the overwhelming majority of the community agree upon?
cheers - john





Paul Koning <pkoning@xedia.com> on 05.06.2000 07:29:01

To:   John Harleman/Certicom@Certicom
cc:   dharkins@cips.nokia.com, ipsec@lists.tislabs.com
Subject:  Re: Interoperability (was: Death to AH?)




>>>>> "John" == John Harleman <jharleman@certicom.com> writes:

 John> There is no order, but there is a well documented strength even
 John> between differnent crypto systems. If you accept Dan's approach
 John> to variable key-length ciphers, why wouldn't you accpet it for
 John> variable key length public-key algorithms?

I assume you meant that there is "a well documented ordering of
strength for the different systems".

If so, I would disagree.  Certainly people have voiced the opinion
that ECC with an x bit key is as strong as RSA with a y bit key.  But
others have voiced different opinions.

Similarly, you may be able to find opinions on the relative strength
of, say, IDEA, 3DES, and Blowfish, but I don't think you will find
consensus.

On the other hand, I would be surprised to see, for any reasonably
designed cipher, a result that security decreases when the key size
increases.  So it appears safe to say there is a partial order, i.e.,
for two ciphers that use the *same* system but different key length,
the one with the larger key has security >= that of the one with the
smaller key.  But I don't agree you can do anything analogous when the
ciphers are from different systems -- whether the systems are
symmetric or asymmetric.

       paul

----------------
  ...
 Dan> And where in the scale do you add new groups or groups of
 Dan> different types-- elliptic curve vs. prime modulus?

 John> I think you have to leave that one out.  The reason is that,
 John> unlike all the other examples, there is no clear order among
 John> these.  That indeed is the problem with the group number: it
 John> only has a partial order.

 John> paul

Follow-Ups:

Re: Interoperability (was: Death to AH?)

From: Paul Koning <pkoning@xedia.com>

Prev by Date: Query: Status of The IKE draft (later than RFC 2409)
Next by Date: Re: Interoperability (was: Death to AH?)
Prev by thread: RE: DES (was: Interoperability)
Next by thread: Re: Interoperability (was: Death to AH?)
Index(es):
- Main
- Thread