[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: Re: IKEv2 Key Size Conformance Requirements



Bill

All of us know that 1024 bits key makes 128 - 8 bit bytes, since the
computer industry is shifting more and more to embedded cryptography, i.e in
the VLSI chips. I believe we should keep the pattern of integral multiples
of bytes. In other words we keep the 1024 bits keys.

Regards

Ahmed Adas
alaadas@kaau.edu.sa

----- Original Message -----
From: "Bill Sommerfeld" <sommerfeld@east.sun.com>
To: <Charlie_Kaufman@notesdev.ibm.com>
Cc: "Peter Gutmann" <pgut001@cs.auckland.ac.nz>; <ipsec@lists.tislabs.com>;
<owner-ipsec@lists.tislabs.com>
Sent: Monday, November 04, 2002 9:13 PM
Subject: Re: Fwd: Re: IKEv2 Key Size Conformance Requirements


> > My opinion is that the conservative course is to only require
> > support of 1024 and 2048 bit keys, but I really don't much care (so
> > long as we make a decision).
>
> Unless someone can demonstrate there's a meaningful difference in
> security between a 1022-bit and a 1024-bit key, may I suggest that
> Postel's rule of thumb ("Be liberal in what you accept and
> conservative in what you send") applies here?
>
>  - MUST generate keys with moduli which are exactly at these bit sizes
>  - SHOULD accept keys with moduli even if slightly smaller than the
mandatory
> sizes.
>
> - Bill
>