[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKEv2 Key Size Conformance Requirements

To: "Housley, Russ" <rhousley@rsasecurity.com>
Subject: Re: IKEv2 Key Size Conformance Requirements
From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
Date: Mon, 28 Oct 2002 09:07:57 -0800
Cc: ipsec@lists.tislabs.com
In-Reply-To: <5.1.0.14.2.20021028120114.0316cc68@exna07.securitydynamics.com>
References: <<5.1.0.14.2.20021026163507.031e24a8@exna07.securitydynamics.com> <<5.1.0.14.2.20021025115425.03328590@exna07.securitydynamics.com><5.1.0.14.2.20021025115425.03328590@exna07.securitydynamics.com><5.1.0.14.2.20021026163507.031e24a8@exna07.securitydynamics.com><5.1.0.14.2.20021028120114.0316cc68@exna07.securitydynamics.com>
Sender: owner-ipsec@lists.tislabs.com

At 12:01 PM -0500 10/28/02, Housley, Russ wrote:
>No.  A CA, not a IPsec implementation, creates certificates.

Er, right, of course. How about:

>>   A conforming implementation MUST be able to sign and authenticate with
>>   X.509
>>   certificates containing and signed by RSA keys of size 1024, 1536, and
>>   2048 bits. It MAY process X.509 certificates of any size. If there is a
>>   limit on the length of a certificate chain, it MUST be at least 10.
>>
>>   A conforming implementation MAY accept X.509 certificates containing
>>   and signed by non-RSA keys, such as DSS keys.

--Paul Hoffman, Director
--VPN Consortium

References:
- Re: IKEv2 Key Size Conformance Requirements
  - From: "Housley, Russ" <rhousley@rsasecurity.com>
- IKEv2 Key Size Conformance Requirements
  - From: "Housley, Russ" <rhousley@rsasecurity.com>
- Re: IKEv2 Key Size Conformance Requirements
  - From: "Housley, Russ" <rhousley@rsasecurity.com>

Prev by Date: Re: IKEv2 Key Size Conformance Requirements
Next by Date: Re: IKEv2 Key Size Conformance Requirements
Prev by thread: Re: IKEv2 Key Size Conformance Requirements
Next by thread: Re: IKEv2 Key Size Conformance Requirements
Index(es):
- Date
- Thread