comment on draft-orman-public-key-lengths-02.txt
"Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com> Tue, 03 April 2001 09:39 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by above.proper.com (8.9.3/8.9.3) with ESMTP id CAA11180; Tue, 3 Apr 2001 02:39:48 -0700 (PDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id DAA29281 Tue, 3 Apr 2001 03:35:30 -0400 (EDT)
Reply-To: andrew.krywaniuk@alcatel.com
From: Andrew Krywaniuk <andrew.krywaniuk@alcatel.com>
To: ipsec@lists.tislabs.com
Subject: comment on draft-orman-public-key-lengths-02.txt
Date: Tue, 03 Apr 2001 03:14:44 -0400
Message-Id: <006401c0bc10$94709a40$1e72788a@andrewk3.ca.newbridge.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4
In-reply-to: <3.0.5.32.20010402173240.03f159e0@smtp.datafellows.com>
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
Actually 2 comments. The first comment is that the draft is very well written. Thanks for making my life easier. The second comment is something which I have mentioned before... As the draft states, the correct procedure for choosing algorithms/key lengths is as follows: 1. Determine the number of symmetric key bits matching the security requirement of the application (n). 2. Choose a symmetric cipher that has a key with at least n bits, and a cryptanalytic strength of at least that much. 3. Choose a key exchange algorithm with a resistance to attack of at least n bits. This is something which was not clear in previous versions of the draft, and vestiges of the old way of thinking remain. I think the following paragraph best illustrates the misunderstanding: If it is possible to design hardware for AES cracking that is considerably more efficient than hardware for DES cracking, then the moduli for protecting the key exchange can be made smaller. However, the existence of such designs is only a matter of speculation at this early moment in the AES lifetime. I find the idea that the KE moduli can be decreased if AES is found to be weak rather silly. After all, the requirement is not to match the symmetric key algorithm to the key exchange algorithm; the requirement is only to ensure that both algorithms have at least an equivalent strength of n. The reason I bring this up is because I think the above paragraph is prone to misinterpretation. If 3DES/Group2 provided adequate security for you yesterday then AES/Group2 should be good enough for you tommorow. Andrew ------------------------------------------- Upon closer inspection, I saw that the line dividing black from white was in fact a shade of grey. As I drew nearer still, the grey area grew larger. And then I was enlightened.
- help zhangdongyan
- Re: help Joern Sierwald
- comment on draft-orman-public-key-lengths-02.txt Andrew Krywaniuk