[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: Re: IKEv2 Key Size Conformance Requirements

To: Charlie_Kaufman@notesdev.ibm.com
Subject: Re: Fwd: Re: IKEv2 Key Size Conformance Requirements
From: Bill Sommerfeld <sommerfeld@east.sun.com>
Date: Mon, 04 Nov 2002 13:13:39 -0500
cc: pgut001@cs.auckland.ac.nz (Peter Gutmann), ipsec@lists.tislabs.com, owner-ipsec@lists.tislabs.com
In-Reply-To: Your message of "Sun, 03 Nov 2002 20:25:20 EST." <OF9C379683.848477F0-ON85256C67.00064160-85256C67.0007D05B@iris.com>
Reply-to: sommerfeld@east.sun.com
Sender: owner-ipsec@lists.tislabs.com

> My opinion is that the conservative course is to only require
> support of 1024 and 2048 bit keys, but I really don't much care (so
> long as we make a decision).

Unless someone can demonstrate there's a meaningful difference in
security between a 1022-bit and a 1024-bit key, may I suggest that
Postel's rule of thumb ("Be liberal in what you accept and
conservative in what you send") applies here?

 - MUST generate keys with moduli which are exactly at these bit sizes
 - SHOULD accept keys with moduli even if slightly smaller than the mandatory 
sizes.

					- Bill

Follow-Ups:
- Re: Fwd: Re: IKEv2 Key Size Conformance Requirements
  - From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
- Re: Fwd: Re: IKEv2 Key Size Conformance Requirements
  - From: Uri Blumenthal <uri@lucent.com>
- Re: Fwd: Re: IKEv2 Key Size Conformance Requirements
  - From: "Ahmed Bin Abbas Ahmed Ali Adas" <alaadas@kaau.edu.sa>

References:
- Re: Fwd: Re: IKEv2 Key Size Conformance Requirements
  - From: Charlie_Kaufman@notesdev.ibm.com

Prev by Date: Re: Fwd: Re: IKEv2 Key Size Conformance Requirements
Next by Date: Re: Public key distribution methods?
Prev by thread: Re: Fwd: Re: IKEv2 Key Size Conformance Requirements
Next by thread: Re: Fwd: Re: IKEv2 Key Size Conformance Requirements
Index(es):
- Date
- Thread