RE: speaking of keys
Excellent suggestion. I agree.
Bob
Paul Hoffman / VPNC writes:
>
> Whatever we put for MUST will be the default for the UIs. Over half
> of the VPN boxes in our interop lab, all of which shipped this year,
> default to DES and MD5, not because any of the manufacturers think
> those are good ideas, but because those are the MUSTs in IKEv1.
>
> If we pick too big of a single MUST, we will make IKEv2 look slow.
>
> It sounds like most people who want a large value for MUST mean that
> they want to guarantee that large values can be used interoperably by
> people who can afford the CPU and/or accelerator time. To do that, we
> could say "MUST support key sizes of 1024, 1536, and 2048." That gets
> us the guarantee of interop, and forces the manufacturers to actually
> think about what they want their default values to be.
>
> --Paul Hoffman, Director
> --VPN Consortium
>