[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: speaking of keys

To: Russ Housley <housley@vigilsec.com>
Subject: Re: speaking of keys
From: Geoff Keating <geoffk@geoffk.org>
Date: 09 Dec 2002 12:54:38 -0800
CC: ipsec@lists.tislabs.com
In-Reply-To: <5.2.0.9.2.20021206180652.0273c0f0@mail.binhost.com>
References: <3DF0557D.2314FC80@bell-labs.com><200212051428.JAA34568@ornavella.watson.ibm.com><3DEF8A1E.D988B6E3@bell-labs.com><asokhb$u6o$1@abraham.cs.berkeley.edu><3DF0557D.2314FC80@bell-labs.com><5.2.0.9.2.20021206180652.0273c0f0@mail.binhost.com>
Sender: owner-ipsec@lists.tislabs.com
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7

Russ Housley <housley@vigilsec.com> writes:

> Steve:
> 
> I support your recommendation.  In fact, I was going to make the same
> recommendation, but for a different reason.  I few weeks ago, we had a
> long thread discussing mandatory to implement signature algorithms.
> We decided that RSA with 1024-bit keys will be mandatory to implement.
> So, if 1024 bits is adequate for the signature, it seems like 1024
> should also be adequate for the key agreement algorithm.

The threat model is different for signature vs. key agreement.  An
identity verification algorithm must be broken before the identity is
verified to have any impact, and can be changed in a short time if it
starts to become ineffective.  A confidentality algorithm need only be
broken before the data it protects loses value, which is a much longer
timespan in IKE/IPSEC, and the algorithm used to protect data in the
past can't be changed.  Thus, it doesn't follow that the algorithm
used for key agreement need not be more secure than the one used for
identity verification.

-- 
- Geoffrey Keating <geoffk@geoffk.org>

Follow-Ups:
- Re: speaking of keys
  - From: Russ Housley <housley@vigilsec.com>

References:
- Re: Summary of key derivation thread
  - From: Uri Blumenthal <uri@bell-labs.com>
- Re: Summary of key derivation thread
  - From: Ran Canetti <canetti@watson.ibm.com>
- Re: Summary of key derivation thread
  - From: Uri Blumenthal <uri@bell-labs.com>
- Re: Summary of key derivation thread
  - From: daw@mozart.cs.berkeley.edu (David Wagner)
- Re: speaking of keys
  - From: Russ Housley <housley@vigilsec.com>

Prev by Date: Re: Handling of IPcomp in IKEv2
Next by Date: Re: Handling of IPcomp in IKEv2
Prev by thread: Re: speaking of keys
Next by thread: Re: speaking of keys
Index(es):
- Date
- Thread