Re: Fwd: Re: IKEv2 Key Size Conformance Requirements
>>>>> "Bill" == Bill Sommerfeld <sommerfeld@east.sun.com> writes:
>> My opinion is that the conservative course is to only require
>> support of 1024 and 2048 bit keys, but I really don't much care (so
>> long as we make a decision).
Bill> Unless someone can demonstrate there's a meaningful difference in
Bill> security between a 1022-bit and a 1024-bit key, may I suggest that
Bill> Postel's rule of thumb ("Be liberal in what you accept and
Bill> conservative in what you send") applies here?
Bill> - MUST generate keys with moduli which are exactly at these bit sizes
Bill> - SHOULD accept keys with moduli even if slightly smaller than the mandatory
Bill> sizes.
I strongly agree.
The FreeSWAN default key size is presently 2192 bits. Why that number?
Because it is a bit bigger than 2048.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
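The generate/accept split proposed in the quoted text, as an added sketch (not code from this thread or from any IKE implementation): the sender forces an exact modulus length, and the receiver maps a modulus to the mandatory size it counts toward. `SLACK_BITS = 2` and all function names are assumptions; the thread only says "slightly smaller".

```python
import secrets

MANDATORY_BITS = (1024, 2048)  # the two sizes named in the thread
SLACK_BITS = 2                 # assumption: how far "slightly smaller" reaches

def is_probable_prime(n, rounds=24):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    """Prime with its top two bits set, so p*q never loses a bit."""
    while True:
        cand = secrets.randbits(bits) | (0b11 << (bits - 2)) | 1
        if is_probable_prime(cand):
            return cand

def generate_modulus(bits):
    """Sender side: modulus of exactly `bits` bits."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        if p != q:
            return p * q

def mandatory_size_for(n):
    """Receiver side: the mandatory size n counts as, or None."""
    for size in MANDATORY_BITS:
        if size - SLACK_BITS <= n.bit_length() <= size:
            return size
    return None
```

Without the forced top bits, the product of two 512-bit primes can come out at 1023 bits, which is one way a slightly short modulus reaches a receiver. A `None` result only means the key is outside the mandatory set, such as a 2192-bit modulus.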