[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: speaking of keys

To: ipsec@lists.tislabs.com
Subject: Re: speaking of keys
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Fri, 06 Dec 2002 15:23:00 -0500
In-reply-to: Your message of "Fri, 06 Dec 2002 10:37:58 MST." <200212061737.gB6Hbw706193@localhost.localdomain>
Sender: owner-ipsec@lists.tislabs.com

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "The" == The Purple Streak, Hilarie Orman <ho@alum.mit.edu> writes:
    The> You only get about 80 bits of strength from a 1024-bit DH group.  That
    The> seems insufficient for reasonable paranoids.

  Yes.
  I'd like to see the 1536 group ("group 5", still in ID queue) as a MUST
in IKEv2, and I'd like to see the next larger group given a SHOULD.

  (group 5 is spec'ed as MUST for FreeSWAN-style Opportunistic Encryption,
to support 3DES)

  It is very important that we spec something, and that we also suggest where
the failover direction is.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBPfEHIoqHRg3pndX9AQFmzQQAsXT+zicDWjynT0zYiEJ85bGNdfv8ssl4
LYg/PI9PcL1xlbz0oW41Lc924fZO5aKsHCNtMN1UpEWg6LLXXkvs0m0hU+0ijIZs
KvGgEfizwdOfAFRw/P1SgjNsSO01YKOh0zSv8M9OgBiYMcN/p5UeQPX0UeYgxZZV
KQpjqLeA12k=
=bm+5
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: speaking of keys
  - From: Stephen Kent <kent@bbn.com>

References:
- Re: speaking of keys
  - From: "The Purple Streak, Hilarie Orman" <ho@alum.mit.edu>

Prev by Date: Re: speaking of keys
Next by Date: IPSEC Known answer test cases
Prev by thread: Re: speaking of keys
Next by thread: Re: speaking of keys
Index(es):
- Date
- Thread