[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Last ditch proposal for crypto suites

To: "Hallam-Baker, Phillip" <pbaker@verisign.com>
Subject: Re: Last ditch proposal for crypto suites
From: Bill Sommerfeld <sommerfeld@east.sun.com>
Date: Fri, 30 Aug 2002 13:15:40 -0400
cc: Charlie_Kaufman@notesdev.ibm.com, ipsec@lists.tislabs.com
In-Reply-To: Your message of "Fri, 30 Aug 2002 08:49:56 PDT." <2F3EC696EAEED311BB2D009027C3F4F40DF2DD25@vhqpostal.verisign.com>
Reply-to: sommerfeld@east.sun.com
Sender: owner-ipsec@lists.tislabs.com

> As a practical matter requiring keys to be multiples of 32 bits is
> also a good idea (there is a 1000 bit key in use).

Could you expand on this?  I don't see how this helps either
interoperability or security.  

We've run into interoperability issues when moving private keys
between different RSA implementations due to assumptions made about
the precise modulus size or the precise size of the primes.  

I'd hate to see the same happen for public keys as well, and I'd
prefer to avoid forcing customers to regenerate their long-term keys
to migrate to IKEv2.

					- Bill

References:
- RE: Last ditch proposal for crypto suites
  - From: "Hallam-Baker, Phillip" <pbaker@verisign.com>

Prev by Date: RE: Last ditch proposal for crypto suites
Next by Date: Re: Last ditch proposal for crypto suites
Prev by thread: RE: Last ditch proposal for crypto suites
Next by thread: RE: Last ditch proposal for crypto suites
Index(es):
- Date
- Thread