Re: IKEv2 Key Size Conformance Requirements
Paul:
I like the direction that we are going, but I would still like to handle
private keys too. Your proposal still only imposes requirements on the
handling of public keys. I think that 1024 is the appropriate MUST
statement for private keys.
Russ
At 12:32 PM 10/26/2002 -0700, Paul Hoffman / VPNC wrote:
>At 12:11 PM -0400 10/25/02, Housley, Russ wrote:
>>I am a bit confused by the text in IKEv2-03. I repeat a few paragraphs
>>from section 6:
>>
>> X.509 certificates containing and signed by RSA keys of size 512,
>> 768, 1024, and 2048 bits. (It SHOULD accept RSA keys of any multiple
>> of 8 bits in size from 512 bits to 4092 bits, and MAY accept RSA keys
>> of any size). If there is a limit on the size of an X.509
>> certificate, it MUST be at least 8K. If there is a limit on the
>> length of a certificate chain, it MUST be at least 10.
>>
>> X.509 certificates containing and signed by DSS keys of size 512,
>> 768, 1024, and 2048 bits. (It MAY accept DSS keys of any size).
>>
>>Here are my concerns:
>>
>>1. The first sentence of the first paragraph does not contain a
>>MUST. I think we want implementations to be able to perform RSA public
>>key operations using 512, 768, 1024, and 2048 bit RSA public keys.
>
>On the grammar point, the sentence preceding these paragraphs makes it
>seem like the MUST is there, but the MUST appears later as well. A little
>grammarizing needed here.
>
>On the list of actual key sizes, 512 and 768 should be removed from both
>lists. They are too small for modern security use.
>
>Why are DSS certificates a MUST? Few people support them, and the amount
>of interop testing for them is negligible.
>
>Why is every multiple of 8 bits required? Does anyone use these in real life?
>
>Proposed new wording:
>
> A conforming implementation MUST be able to authenticate with X.509
> certificates containing and signed by RSA keys of size 1024, 1536, and
> 2048 bits. It MAY process X.509 certificates of any size. If there is a
> limit on the length of a certificate chain, it MUST be at least 10.
>
> A conforming implementation MAY accept X.509 certificates containing
> and signed by non-RSA keys, such as DSS keys.
>
>
>--Paul Hoffman, Director
>--VPN Consortium
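
An added example, not part of the original thread or of the IKEv2 draft: one way an implementation could measure an RSA key's size and compare it with the sizes named in the proposed wording above. It assumes the key arrives as a DER-encoded PKCS#1 RSAPublicKey; all function names are hypothetical and the sample keys are constructed placeholders, not real keys.

```python
REQUIRED_RSA_BITS = (1024, 1536, 2048)   # sizes in the proposed MUST text
MIN_CHAIN_LIMIT = 10                     # "it MUST be at least 10"

def _read_tlv(buf, pos, tag):
    """Return (value, next_pos) for the DER TLV with the given tag at pos."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected DER tag")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                    # long form: low 7 bits count length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return buf[pos:pos + length], pos + length

def rsa_modulus_bits(der):
    """Bit length of n in RSAPublicKey ::= SEQUENCE { n INTEGER, e INTEGER }."""
    seq, _ = _read_tlv(der, 0, 0x30)
    n_bytes, _ = _read_tlv(seq, 0, 0x02)
    # The leading 0x00 sign octet is not key material: a 1024-bit modulus
    # has 129 content octets, so len(n_bytes) * 8 would report 1032.
    return int.from_bytes(n_bytes, "big").bit_length()

def requirement_for(bits):
    """'MUST' if the proposed wording requires this size, else 'no requirement'."""
    return "MUST" if bits in REQUIRED_RSA_BITS else "no requirement"

def chain_limit_conforms(limit):
    """limit=None means the implementation imposes no chain-length limit."""
    return limit is None or limit >= MIN_CHAIN_LIMIT

# --- constructed sample input below (placeholder moduli, not usable keys) ---
def _der(tag, value):
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    octets = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | octets]) + n.to_bytes(octets, "big") + value

def sample_key(bits):
    n = (1 << (bits - 1)) | 1                  # top bit set, odd
    body = n.to_bytes(bits // 8 + 1, "big")    # includes the 0x00 sign octet
    return _der(0x30, _der(0x02, body) + _der(0x02, (65537).to_bytes(3, "big")))

if __name__ == "__main__":
    for size in (768, 1024, 1536, 2048):
        print(size, requirement_for(rsa_modulus_bits(sample_key(size))))
```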