[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: Re: IKEv2 Key Size Conformance Requirements

To: ipsec@lists.tislabs.com
Subject: Re: Fwd: Re: IKEv2 Key Size Conformance Requirements
From: Uri Blumenthal <uri@lucent.com>
Date: Mon, 04 Nov 2002 16:45:12 -0500
Organization: Lucent Technologies
References: <200211041813.gA4IDerL021918@thunk.east.sun.com>
Sender: owner-ipsec@lists.tislabs.com

Bill Sommerfeld wrote:
> Unless someone can demonstrate there's a meaningful difference in
> security between a 1022-bit and a 1024-bit key, may I suggest that
> Postel's rule of thumb ("Be liberal in what you accept and
> conservative in what you send") applies here?
> 
>  - MUST generate keys with moduli which are exactly at these bit sizes
>  - SHOULD accept keys with moduli even if slightly smaller than the
>    mandatory sizes.

Considering the reality we live i - I second this opinion.

References:
- Re: Fwd: Re: IKEv2 Key Size Conformance Requirements
  - From: Bill Sommerfeld <sommerfeld@east.sun.com>

Prev by Date: Re: Fwd: Re: IKEv2 Key Size Conformance Requirements
Next by Date: Re: Fwd: Re: IKEv2 Key Size Conformance Requirements
Prev by thread: Re: Fwd: Re: IKEv2 Key Size Conformance Requirements
Next by thread: Re: Fwd: Re: IKEv2 Key Size Conformance Requirements
Index(es):
- Date
- Thread