
Re: speaking of keys





>>>>> "Stephen" == Stephen Kent <kent@bbn.com> writes:
    Stephen> Also, let's remember that the key size is not the only factor in 
    Stephen> determining the security of these systems.  It's tempting to raise 

  Absolutely.

    Stephen> software implementation on a user WS/laptop where there are lots more 
    Stephen> likely ways that the security of the traffic will be compromised 
    Stephen> (other than solving the discrete log problem for a 1024-bit group) 
    Stephen> and where the performance hit will be most visible and thus may 
    Stephen> eventually motivate an individual to NOT use IPsec at all.

  I think that we can write a MAY for a smaller size (i.e. 1024). 
  The reason to pick something for the MUST is interoperability. That is the
only reason.

    Stephen> I don't have a problem with a MAY for bigger groups, but I really 
    Stephen> think it is most appropriate to focus on the management facility to 
    Stephen> allow user communities to select their own, of whatever size they 
    Stephen> feel is appropriate.

  It has been a long time since anyone has talked about APIs. 

  Bill Sommerfeld has promised to take us (IPSP specifically) down that path
again, and it is high time that we do this. I do not think that applications
writers should have to deal with DH modulus size. I think that we should have
a direct mapping that gives minimum modulus sizes for particular levels of
security.

  I don't have a problem with having a notch in the slider set for "80-bits",
which really implies a 1024-bit modulus with 3DES or 128-bit AES, with
another notch at 128.

  It would be nice if there was another unit we could use other than bits
to expose to the user, but I don't see another one that is CPU-speed
independent (not local CPU speed, but CPU speed size of attacker).
Herman style:
  "You must be at least $$$-well funded to bother brute forcing this castle".

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [



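
The direct mapping from security level to minimum modulus size proposed in the message above, sketched as an added example (not code from the message or from any IPsec implementation). The GNFS-based strength estimate and its constants, the cipher table, the 512-bit step and all function names are assumptions of this example.

```python
import math

# Assumption: symmetric strengths in bits (3-key 3DES taken as 112).
CIPHER_BITS = {"DES": 56, "3DES": 112, "AES-128": 128}

def modulus_strength(bits: int) -> int:
    """Estimated symmetric-equivalent strength of a DH modulus, in bits.

    GNFS work-factor estimate; the constants 1.923 and 4.69 are this
    example's calibration choice, not values from the message.
    """
    n = bits * math.log(2)                      # natural log of the modulus
    work = 1.923 * n ** (1 / 3) * math.log(n) ** (2 / 3) - 4.69
    return round(work / math.log(2))            # convert nats to bits

def min_modulus(level: int, step: int = 512) -> int:
    """Smallest modulus size (a multiple of `step`) that reaches `level` bits."""
    bits = step
    while modulus_strength(bits) < level:
        bits += step
    return bits

def check_proposal(level: int, cipher: str, dh_bits: int):
    """Check one proposal against a slider notch.

    Returns (accepted, effective_bits, reason). The effective strength is
    that of the weakest component, so a strong cipher cannot make up for
    a small modulus or the reverse.
    """
    cipher_bits = CIPHER_BITS[cipher]
    dh_strength = modulus_strength(dh_bits)
    effective = min(cipher_bits, dh_strength)
    if cipher_bits < level:
        return False, effective, f"{cipher} is below {level} bits"
    if dh_strength < level:
        return False, effective, f"modulus must be at least {min_modulus(level)} bits"
    return True, effective, "ok"

if __name__ == "__main__":
    # Constructed proposals: the application only names the notch (80 or 128).
    for level, cipher, dh_bits in [(80, "3DES", 1024), (128, "AES-128", 1024),
                                   (128, "AES-128", 3072), (80, "DES", 1024)]:
        print(level, cipher, dh_bits, check_proposal(level, cipher, dh_bits))
```

With this estimate the 80-bit notch maps to a 1024-bit modulus, matching the message, and the 128-bit notch maps to 3072 bits.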