[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IKEv2 Key Size Conformance Requirements
At 4:36 PM -0400 10/26/02, Housley, Russ wrote:
>I like the direction that we are going, but I would still like to
>handle private keys too. Your proposal still only imposes
>requirements on the handling of public keys. I think that 1024 is
>the appropriate MUST statement for private keys.
Sorry, I took for granted that if you could use someone else's
2048-bit public key, that you would be able to issue your own that
size. Would the following wording be better?
>> A conforming implementation MUST be able to create,
>> and to authenticate with, X.509
>> certificates containing and signed by RSA keys of size 1024, 1536, and
>> 2048 bits. It MAY process X.509 certificates of any size. If there is a
>> limit on the length of a certificate chain, it MUST be at least 10.
>>
>> A conforming implementation MAY accept X.509 certificates containing
>> and signed by non-RSA keys, such as DSS keys.
--Paul Hoffman, Director
--VPN Consortium