BCP 86, RFC 3766 on Determining Strengths For Public Keys Used For Exchanging Symmetric Keys
rfc-editor@rfc-editor.org Tue, 27 April 2004 15:44 UTC
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA07992 for <ietf-announce-archive@ietf.org>; Tue, 27 Apr 2004 11:44:17 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BIUkr-0006vV-CB for ietf-announce-archive@ietf.org; Tue, 27 Apr 2004 11:44:17 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BIUjf-0006jJ-00 for ietf-announce-archive@ietf.org; Tue, 27 Apr 2004 11:43:05 -0400
Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1BIUh5-0006Ux-00 for ietf-announce-archive@ietf.org; Tue, 27 Apr 2004 11:40:23 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BIURJ-0002r5-2J; Tue, 27 Apr 2004 11:24:05 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BIFM0-0003cV-Ma for ietf-announce@optimus.ietf.org; Mon, 26 Apr 2004 19:17:36 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA02742 for <ietf-announce@ietf.org>; Mon, 26 Apr 2004 19:17:33 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BIFLz-0006jw-5v for ietf-announce@ietf.org; Mon, 26 Apr 2004 19:17:35 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BIFL2-0006e9-00 for ietf-announce@ietf.org; Mon, 26 Apr 2004 19:16:37 -0400
Received: from boreas.isi.edu ([128.9.160.161]) by ietf-mx with esmtp (Exim 4.12) id 1BIFKT-0006YR-00 for ietf-announce@ietf.org; Mon, 26 Apr 2004 19:16:02 -0400
Received: from ISI.EDU (adma.isi.edu [128.9.160.239]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id i3QNFMN13502; Mon, 26 Apr 2004 16:15:22 -0700 (PDT)
Message-Id: <200404262315.i3QNFMN13502@boreas.isi.edu>
To: IETF-Announce:;
Subject: BCP 86, RFC 3766 on Determining Strengths For Public Keys Used For Exchanging Symmetric Keys
Cc: rfc-editor@rfc-editor.org
From: rfc-editor@rfc-editor.org
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
Date: Mon, 26 Apr 2004 16:15:22 -0700
X-ISI-4-28-6-MailScanner: Found to be clean
X-MailScanner-From: rfc-ed@isi.edu
Sender: ietf-announce-admin@ietf.org
Errors-To: ietf-announce-admin@ietf.org
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Id: <ietf-announce.ietf.org>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=-1.6 required=5.0 tests=AWL,MIME_BOUND_NEXTPART, NO_REAL_NAME autolearn=no version=2.60
A new Request for Comments is now available in online RFC libraries. BCP 86 RFC 3766 Title: Determining Strengths For Public Keys Used For Exchanging Symmetric Keys Author(s): H. Orman, P. Hoffman Status: Best Current Practice Date: April 2004 Mailbox: hilarie@purplestreak.com, paul.hoffman@vpnc.org Pages: 23 Characters: 55939 SeeAlso: BCP 86 I-D Tag: draft-orman-public-key-lengths-08.txt URL: ftp://ftp.rfc-editor.org/in-notes/rfc3766.txt Implementors of systems that use public key cryptography to exchange symmetric keys need to make the public keys resistant to some predetermined level of attack. That level of attack resistance is the strength of the system, and the symmetric keys that are exchanged must be at least as strong as the system strength requirements. The three quantities, system strength, symmetric key strength, and public key strength, must be consistently matched for any network protocol usage. While it is fairly easy to express the system strength requirements in terms of a symmetric key length and to choose a cipher that has a key length equal to or exceeding that requirement, it is harder to choose a public key that has a cryptographic strength meeting a symmetric key strength requirement. This document explains how to determine the length of an asymmetric key as a function of a symmetric key strength requirement. Some rules of thumb for estimating equivalent resistance to large-scale attacks on various algorithms are given. The document also addresses how changing the sizes of the underlying large integers (moduli, group sizes, exponents, and so on) changes the time to use the algorithms for key exchange. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Distribution of this memo is unlimited. This announcement is sent to the IETF list and the RFC-DIST list. Requests to be added to or deleted from the IETF distribution list should be sent to IETF-REQUEST@IETF.ORG. Requests to be added to or deleted from the RFC-DIST distribution list should be sent to RFC-DIST-REQUEST@RFC-EDITOR.ORG. Details on obtaining RFCs via FTP or EMAIL may be obtained by sending an EMAIL message to rfc-info@RFC-EDITOR.ORG with the message body help: ways_to_get_rfcs. For example: To: rfc-info@RFC-EDITOR.ORG Subject: getting rfcs help: ways_to_get_rfcs Requests for special distribution should be addressed to either the author of the RFC in question, or to RFC-Manager@RFC-EDITOR.ORG. Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution.echo Submissions for Requests for Comments should be sent to RFC-EDITOR@RFC-EDITOR.ORG. Please consult RFC 2223, Instructions to RFC Authors, for further information. Joyce K. Reynolds and Sandy Ginoza USC/Information Sciences Institute ... Below is the data which will enable a MIME compliant Mail Reader implementation to automatically retrieve the ASCII version of the RFCs.