Re: draft-ietf-ipsec-ikev2-06.txt
As Paul discussed, the MUST clauses can only refer to things that affect
compliance. Therefore, it sounds to me like the only MUST we need is the
following:

"Implementations that provide an interface for the user to enter a purely
alphanumeric shared secret (i.e. a password), must allow that value to be a
minimum of 64 bytes(*) long."

Then there can be the usual warning about poorly-chosen passwords elsewhere.
I'd be surprised if anyone didn't support 64 byte shared secrets already.

(*) Alphanumeric characters comprise 1/4th of the available 256 bits.
Therefore, for 128 bits of key strength, you need a minimum of 64 bytes.

Andrew
--------------------------------------
The odd thing about fairness is when
we strive so hard to be equitable
that we forget to be correct.