
RE: Fwd: Re: IKEv2 Key Size Conformance Requirements



I still haven't figured out what the big deal is. If someone wants to use a
1022 bit key, can't they just call it a 1024 bit key where the 2 leading
bits are zero? Is there some RSA chip/library out there that assumes that
the high bit is a 1? The math works either way.

Andrew
--------------------------------------
The odd thing about fairness is when
we strive so hard to be equitable
that we forget to be correct.


> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com] On Behalf Of
> Ahmed Bin Abbas Ahmed Ali Adas
> Sent: Tuesday, November 05, 2002 1:26 AM
> To: sommerfeld@east.sun.com
> Cc: ipsec@lists.tislabs.com
> Subject: Re: Fwd: Re: IKEv2 Key Size Conformance Requirements
>
>
> Bill
>
> All of us know that a 1024-bit key makes 128 8-bit bytes, since the
> computer industry is shifting more and more to embedded cryptography,
> i.e. in the VLSI chips. I believe we should keep the pattern of
> integral multiples of bytes. In other words we keep the 1024-bit keys.
>
> Regards
>
> Ahmed Adas
> alaadas@kaau.edu.sa
>
> ----- Original Message -----
> From: "Bill Sommerfeld" <sommerfeld@east.sun.com>
> To: <Charlie_Kaufman@notesdev.ibm.com>
> Cc: "Peter Gutmann" <pgut001@cs.auckland.ac.nz>;
> <ipsec@lists.tislabs.com>; <owner-ipsec@lists.tislabs.com>
> Sent: Monday, November 04, 2002 9:13 PM
> Subject: Re: Fwd: Re: IKEv2 Key Size Conformance Requirements
>
>
> > > My opinion is that the conservative course is to only require
> > > support of 1024 and 2048 bit keys, but I really don't much care
> > > (so long as we make a decision).
> >
> > Unless someone can demonstrate there's a meaningful difference in
> > security between a 1022-bit and a 1024-bit key, may I suggest that
> > Postel's rule of thumb ("Be liberal in what you accept and
> > conservative in what you send") applies here?
> >
> >  - MUST generate keys with moduli which are exactly at these bit sizes
> >  - SHOULD accept keys with moduli even if slightly smaller than the
> >    mandatory sizes.
> >
> > - Bill
> >
>
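
The size rule discussed in this thread, as an added example that is not part of the original messages: a 1022-bit modulus padded to 128 bytes is indistinguishable by length from a 1024-bit one, so the check has to look at the effective bit length. The function names, the 8-bit meaning of "slightly smaller" and the sample moduli are assumptions constructed for illustration.

```python
# Added example: size policy for RSA moduli, not code from the thread.
MANDATORY_BITS = (1024, 2048)   # sizes named in the thread
TOLERANCE_BITS = 8              # assumption: what "slightly smaller" means


def modulus_bits(encoded: bytes) -> int:
    """Effective bit length of a big-endian modulus, ignoring leading zeros."""
    return int.from_bytes(encoded, "big").bit_length()


def may_send(encoded: bytes) -> bool:
    """Generation side: the modulus must be exactly a mandatory size."""
    return modulus_bits(encoded) in MANDATORY_BITS


def classify_received(encoded: bytes) -> str:
    """Receiving side: accept exact sizes and slightly short ones."""
    bits = modulus_bits(encoded)
    for size in MANDATORY_BITS:
        if bits == size:
            return "accept-exact"
        if size - TOLERANCE_BITS <= bits < size:
            return "accept-short"
    return "reject"


def fixed_width(n: int, size_bits: int) -> bytes:
    """Encode n in size_bits/8 bytes, so a short modulus gets leading zero bits."""
    return n.to_bytes(size_bits // 8, "big")


# Constructed sample values with the right bit lengths (not real RSA keys).
N_1024 = fixed_width((1 << 1023) | 1, 1024)
N_1022 = fixed_width((1 << 1021) | 1, 1024)   # 128 bytes, top two bits zero
N_768 = fixed_width((1 << 767) | 1, 1024)     # padded, but far too short

if __name__ == "__main__":
    for name, n in (("1024", N_1024), ("1022", N_1022), ("768", N_768)):
        print(name, len(n), modulus_bits(n), may_send(n), classify_received(n))
```

All three samples occupy 128 bytes, which is why a receiver that only checks the encoded length would also accept the 768-bit value.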