[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IKEv2 Key Size Conformance Requirements
At 12:01 PM -0500 10/28/02, Housley, Russ wrote:
>No. A CA, not a IPsec implementation, creates certificates.
Er, right, of course. How about:
>> A conforming implementation MUST be able to sign and authenticate with
>> X.509
>> certificates containing and signed by RSA keys of size 1024, 1536, and
>> 2048 bits. It MAY process X.509 certificates of any size. If there is a
>> limit on the length of a certificate chain, it MUST be at least 10.
>>
>> A conforming implementation MAY accept X.509 certificates containing
>> and signed by non-RSA keys, such as DSS keys.
--Paul Hoffman, Director
--VPN Consortium