
Re: speaking of keys



Geoff:

I understand this asymmetry.  However, if one is trying to design hardware 
to accelerate the processing, then it would be nice to have a common size 
for all of the public key operations.

Russ

At 12:54 PM 12/9/2002 -0800, Geoff Keating wrote:
>Russ Housley <housley@vigilsec.com> writes:
>
> > Steve:
> >
> > I support your recommendation.  In fact, I was going to make the same
> > recommendation, but for a different reason.  A few weeks ago, we had a
> > long thread discussing mandatory to implement signature algorithms.
> > We decided that RSA with 1024-bit keys will be mandatory to implement.
> > So, if 1024 bits is adequate for the signature, it seems like 1024
> > should also be adequate for the key agreement algorithm.
>
>The threat model is different for signature vs. key agreement.  An
>identity verification algorithm must be broken before the identity is
>verified to have any impact, and can be changed in a short time if it
>starts to become ineffective.  A confidentiality algorithm need only be
>broken before the data it protects loses value, which is a much longer
>timespan in IKE/IPSEC, and the algorithm used to protect data in the
>past can't be changed.  Thus, it doesn't follow that the algorithm
>used for key agreement need not be more secure than the one used for
>identity verification.
>
>--
>- Geoffrey Keating <geoffk@geoffk.org>