[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: speaking of keys




David Wagner <daw@mozart.cs.berkeley.edu> wrote in message
at5hsr$vhf$1@abraham.cs.berkeley.edu">news:at5hsr$vhf$1@abraham.cs.berkeley.edu...

>
> As I see it, we have to balance two costs here.  If we require a
> 1024-bit modulus, there is a risk it will get broken in our lifetime.

True. I agree. I feel more comfortable with there being a larger bit modulus
selection for the requirement.

> If we require a 2048-bit modulus, some people will not use IPSEC because
> it is too slow (this is not just a risk; this is for sure).

True again.  Requirements of this size may hinder the use of IPSEC when
speed is of the essence.


 >At the moment, I'm inclined to suggest a 1024, 1200, or 1500-bit modulus
> for the MUST requirement.  One thing I've learned from the 802.11 fiasco
> is that defaults matter, and it doesn't matter how good your crypto
> is if noone uses it

Definitely, on the latter.

I'll agree with this notion at the moment.  It's a conservative choice, both
in speed and strength.

>(did you know that more than half of all 802.11
> networks are still running unencrypted?).  It seems unlikely to me that
> the Diffie-Hellman will be the weak point in most deployed systems, so I
> suspect the more conservative thing to do may be to maximize the number
> of systems using IPSEC.  But, I don't feel all that strongly about it,
> and I won't complain if some other size is chosen.

Same here, agreed.

Justin Troutman