[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
IKEv2 Key Size Conformance Requirements
I am a bit confused by the text in IKEv2-03. I repeat a few paragraphs
from section 6:
X.509 certificates containing and signed by RSA keys of size 512,
768, 1024, and 2048 bits. (It SHOULD accept RSA keys of any multiple
of 8 bits in size from 512 bits to 4092 bits, and MAY accept RSA keys
of any size). If there is a limit on the size of an X.509
certificate, it MUST be at least 8K. If there is a limit on the
length of a certificate chain, it MUST be at least 10.
X.509 certificates containing and signed by DSS keys of size 512,
768, 1024, and 2048 bits. (It MAY accept DSS keys of any size).
Here are my concerns:
1. The first sentence of the first paragraph does not contain a MUST. I
think we want implementation to be able to perform RSA public key
operations using 512, 768, 1024, and 2048 bit RSA public keys.
2. I think that conformance statements about X.509 certificate buffer
sizes should be handled in a separate paragraph. Units should also be
provided. 8K bits? That is probably too small. 8K octets? This is
probably over kill. 2K octets is adequate most certificates.
3. The first sentence of the second paragraph does not contain a MUST. I
think we want implementation to be able to perform DSS public key
operations using 512, 768, 1024, and 2048 bit DSS public keys.
4. [DSS] does not permit 2048 bit public keys. An updated reference is
needed.
5. I would like to see requirements on private key operations too. Recent
guidance from NIST indicates that 1024 bit RSA and DSS keys are adequate
for protection of sensitive data until the year 2015. This seems like good
justification for making support for 1024 bit private key operations the
MUST. Of course, implementations MAY support any key size....
Russ