RE: speaking of keys



Whatever we put for MUST will be the default for the UIs. Over half 
of the VPN boxes in our interop lab, all of which shipped this year, 
default to DES and MD5, not because any of the manufacturers think 
those are good ideas, but because those are the MUSTs in IKEv1.

If we pick too big of a single MUST, we will make IKEv2 look slow.

It sounds like most people who want a large value for MUST mean that 
they want to guarantee that large values can be used interoperably by 
people who can afford the CPU and/or accelerator time. To do that, we 
could say "MUST support key sizes of 1024, 1536, and 2048." That gets 
us the guarantee of interop, and forces the manufacturers to actually 
think about what they want their default values to be.

--Paul Hoffman, Director
--VPN Consortium