[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-ietf-ipsec-ikev2-06.txt

To: ipsec@lists.tislabs.com
Subject: Re: draft-ietf-ipsec-ikev2-06.txt
From: "Andrew Krywaniuk" <askrywan@hotmail.com>
Date: Fri, 11 Apr 2003 14:11:52 -0400
Sender: owner-ipsec@lists.tislabs.com

As Paul discussed, the MUST clauses can only refer to things that affect 
compliance. Therefore, it sounds to me like the only MUST we need is the 
following:

"Implementations that provide an interface for the user to enter a purely 
alphanumeric shared secret (i.e. a password), must allow that value to be a 
minimum of 64 bytes(*) long."

Then there can be the usual warning about poorly-chosen passwords elsewhere. 
I'd be surprised if anyone didn't support 64 byte shared secrets already.

(*) Alphanumeric characters comprise 1/4th of the available 256 bits. 
Therefore, for 128 bits of key strength, you need a minimum of 64 bytes.

Andrew
--------------------------------------
The odd thing about fairness is when
we strive so hard to be equitable
that we forget to be correct.




_________________________________________________________________
Add photos to your messages with MSN 8. Get 2 months FREE*.  
http://join.msn.com/?page=features/featuredemail

Follow-Ups:
- Re: draft-ietf-ipsec-ikev2-06.txt
  - From: Paul Koning <pkoning@equallogic.com>

Prev by Date: Re: IKE V2 Open Issues
Next by Date: Re: IKE V2 Open Issues
Prev by thread: RE: draft-ietf-ipsec-ikev2-06.txt
Next by thread: Re: draft-ietf-ipsec-ikev2-06.txt
Index(es):
- Date
- Thread