[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: Re: IKEv2 Key Size Conformance Requirements

To: pgut001@cs.auckland.ac.nz (Peter Gutmann)
Subject: Re: Fwd: Re: IKEv2 Key Size Conformance Requirements
From: Charlie_Kaufman@notesdev.ibm.com
Date: Sun, 3 Nov 2002 20:25:20 -0500
Cc: ipsec@lists.tislabs.com, owner-ipsec@lists.tislabs.com
In-Reply-To: <200210301429.DAA242004@ruru.cs.auckland.ac.nz>
Sender: owner-ipsec@lists.tislabs.com

Based on this discussion, I propose change the MUST requirements to 1024
and 2048 bit RSA keys (both public and private), with a MAY for all other
sizes. I would expect most implementations would implement a large
collection of sizes, but this avoids unnecessary growth of the testing
matrix. (And yes, I'll fix the wording so that the MUST requirements have
the keyword MUST in them).

Objections? I'm concerned about the following:

Bill Sommerfeld <sommerfeld@east.sun.com> wrote:
> For what it's worth, I'll repeat what I said last time.. *in real
> life* I've seen both PGP and SSH implementations generate keys with
> moduli which were a bit or two shorter than the desired size.

Key generation implementations that pick random primes sometimes come up
with moduli a bit or two shorter than they had intended. There is something
to be said for explicitly allowing them by requiring support for such
moduli. On the other hand, at one time the default CSP that shipped with
Microsoft Windows had a restriction that it could only work with moduli
that were a multiple of 8 bits (or was it 16 bits?) long. When I inquired
at the time, I was told that they knew about the problem but had no plans
to fix it. I don't know whether they have. There may be other
implementations around with similar restrictions, so there is something to
be said for disallowing keys that would break those implementations. My
opinion is that the conservative course is to only require support of 1024
and 2048 bit keys, but I really don't much care (so long as we make a
decision).

What about DSS keys? I made them a MUST in my draft, and one person
protested. How many would protest if it were a MAY? I don't think DSS keys
are much used, but it seemed politically correct to require them anyway. I
don't even have an opinion on this one... just wrote what I thought would
raise the fewest howls.

          --Charlie

Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).

Follow-Ups:
- Re: Fwd: Re: IKEv2 Key Size Conformance Requirements
  - From: Stephen Kent <kent@bbn.com>
- Re: Fwd: Re: IKEv2 Key Size Conformance Requirements
  - From: Bill Sommerfeld <sommerfeld@east.sun.com>

Prev by Date: Fwd: Last Call: IPsec Configuration Policy Model to ProposedStandard
Next by Date: RE: Dead peer detection
Prev by thread: Fwd: Last Call: IPsec Configuration Policy Model to ProposedStandard
Next by thread: Re: Fwd: Re: IKEv2 Key Size Conformance Requirements
Index(es):
- Date
- Thread