RE: speaking of keys



Excellent suggestion.  I agree.

Bob

Paul Hoffman / VPNC writes:
> 
> Whatever we put for MUST will be the default for the UIs. Over half 
> of the VPN boxes in our interop lab, all of which shipped this year, 
> default to DES and MD5, not because any of the manufacturers think 
> those are good ideas, but because those are the MUSTs in IKEv1.
> 
> If we pick too big of a single MUST, we will make IKEv2 look slow.
> 
> It sounds like most people who want a large value for MUST mean that 
> they want to guarantee that large values can be used interoperably by 
> people who can afford the CPU and/or accelerator time. To do that, we 
> could say "MUST support key sizes of 1024, 1536, and 2048." That gets 
> us the guarantee of interop, and forces the manufacturers to actually 
> think about what they want their default values to be.
> 
> --Paul Hoffman, Director
> --VPN Consortium
>