[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKEv2 Key Size Conformance Requirements



Paul:

I like the direction that we are going, but I would still like to handle 
private keys too.  Your proposal still only imposes requirements on the 
handling of public keys.  I think that 1024 is the appropriate MUST 
statement for private keys.

Russ

At 12:32 PM 10/26/2002 -0700, Paul Hoffman / VPNC wrote:
>At 12:11 PM -0400 10/25/02, Housley, Russ wrote:
>>I am a bit confused by the text in IKEv2-03.  I repeat a few paragraphs 
>>from section 6:
>>
>>    X.509 certificates containing and signed by RSA keys of size 512,
>>    768, 1024, and 2048 bits. (It SHOULD accept RSA keys of any multiple
>>    of 8 bits in size from 512 bits to 4092 bits, and MAY accept RSA keys
>>    of any size).  If there is a limit on the size of an X.509
>>    certificate, it MUST be at least 8K. If there is a limit on the
>>    length of a certificate chain, it MUST be at least 10.
>>
>>    X.509 certificates containing and signed by DSS keys of size 512,
>>    768, 1024, and 2048 bits. (It MAY accept DSS keys of any size).
>>
>>Here are my concerns:
>>
>>1.  The first sentence  of the first paragraph does not contain a 
>>MUST.  I think we want implementation to be able to perform RSA public 
>>key operations using 512, 768, 1024, and 2048 bit RSA public keys.
>
>On the grammar point, the sentence preceding these paragraphs makes it 
>seem like the MUST is there, but the MUST appears later as well. A little 
>grammarizing needed here.
>
>On the list of actual key sizes, 512 and 768 should be removed from both 
>lists. They are too small for modern security use.
>
>Why are DSS certificates a MUST? Few people support them, and the amount 
>of interop testing for them is negligible.
>
>Why are every multiple of 8 bits required? Does anyone use these in real life?
>
>Proposed new wording:
>
>   A conforming implementation MUST be able to authenticate with X.509
>   certificates containing and signed by RSA keys of size 1024, 1536, and
>   2048 bits. It MAY process X.509 certificates of any size. If there is a
>   limit on the length of a certificate chain, it MUST be at least 10.
>
>   A conforming implementation MAY accept X.509 certificates containing
>   and signed by non-RSA keys, such as DSS keys.
>
>
>--Paul Hoffman, Director
>--VPN Consortium