
Re: speaking of keys





>>>>> "Marcus" == Marcus Leech <mleech@nortelnetworks.com> writes:
    Marcus> I really don't have a problem with MUSTing a couple of groups at
    Marcus>   least.

    Marcus>     1024 - fast, but somewhat less secure
    Marcus>     15xx - slower, but rather more secure

    Marcus> I can sympathize with not wanting to mandate the much larger groups.
    Marcus>   Small devices (telephones, for example) really do have some serious
    Marcus>   storage and performance issues, but storage is the real killer, as it
    Marcus>   turns

  Marcus, while I would be overjoyed to see these devices do random IPsec
connections to random other devices, I have serious doubts that this is
really going to occur.  
  What's the application?  VPNs? VoIP?
  I honestly have my doubts here. A device that can afford a full-fledged
Java implementation to web surf and do IMAP, that can't do IKE?
  While Bert's laptop
       <http://bert.secret-wg.org/Trips/IETF55/index.html>

  runs IPsec OE, it has as much ram as my previous notebook computer, and
more CPU, actually.
 
  I just don't get it. You can't set these numbers in isolation from the 
applications involved.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [





  