Re: speaking of keys




>>>>> "David" == David Wagner <daw@mozart.cs.berkeley.edu> writes:
    David> But is it too small for the MUST requirement in the RFC?

    David> As I see it, we have to balance two costs here.  If we require a
    David> 1024-bit modulus, there is a risk it will get broken in our lifetime.
    David> If we require a 2048-bit modulus, some people will not use IPSEC because
    David> it is too slow (this is not just a risk; this is for sure).  How do we
    David> balance these two?

  I don't understand this argument. MUST doesn't mean that you have to use it
in an exchange, it means that you must support it. The purpose of the MUST is
to encourage interoperability. It doesn't have to be the fastest, nor the
cheapest. It has to be there for the long term.

  If you are building a system where you control all components you may
configure it any way that you like. So, if Verizon's new IP-mobile-phone needs
to use 1024 bit moduli, and they won't let me use a third party handset, they
can do what they like.

  Now, if asking for 1536 or 2048 bit moduli causes the software to always
use more resources than you can afford (i.e. 256 byte buffers for bignums 
rather than 128 byte buffers), then this is a problem. Is that really a
concern here?


    David> is that defaults matter, and it doesn't matter how good your crypto
    David> is if no one uses it (did you know that more than half of all 802.11
    David> networks are still running unencrypted?).  It seems unlikely to me

  Frankly, I'm impressed if there is more than 10% running 802.11 WEP-style
encryption. I think it is a total joke. We use IPsec everywhere, with 1536
bit moduli. A Zaurus can do this. In fact, here is a picture of one doing that:

      http://bert.secret-wg.org/Trips/IETF55/personal-organizer1-small.jpg

(from http://bert.secret-wg.org/Trips/IETF55/index.html )

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [