Re: [OAUTH-WG] RSA vs PKI?
Breno <breno.demedeiros@gmail.com> Fri, 13 November 2009 18:21 UTC
Return-Path: <breno.demedeiros@gmail.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9311B3A6882 for <oauth@core3.amsl.com>; Fri, 13 Nov 2009 10:21:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UkPjB820Rz9H for <oauth@core3.amsl.com>; Fri, 13 Nov 2009 10:21:40 -0800 (PST)
Received: from mail-qy0-f203.google.com (mail-qy0-f203.google.com [209.85.221.203]) by core3.amsl.com (Postfix) with ESMTP id 605193A6807 for <oauth@ietf.org>; Fri, 13 Nov 2009 10:21:40 -0800 (PST)
Received: by qyk41 with SMTP id 41so1676197qyk.29 for <oauth@ietf.org>; Fri, 13 Nov 2009 10:22:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=gEDI7Zc0sT16GPprMf0+y3SP8P2aaMANbOQe339EDF8=; b=RMFZ8QXIkDH5ipursuQk+HeEGdQHSwAOqBhlo8ZNcbFREGBJKBqIG7hB3wdUkagehU xJCEpZwNVCVqSPVzJBhfFpp9qDSpG4PKBlReCSSzMKXfdLAAkav0fcZRiH9uzAD09Wul Kb4IBwMtYRGolm8SMtSQRQGVUwre40BdbINiE=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=by2KNQ1tOl7JI3daYGBNAyEudaIW4MF3IrFPJUmh1xPo7UqwzMjQc+QomfhAAKQSWa zd8BwJm7Fni0JeVwrNa6rrvkbYIE+IsHbn2SMHddxXwHWETFVRdNpcpctBMBVJY/X/YQ 3NdQD0t/UFlM1Y/oGKogTXoMZTBcQkzFZimOk=
MIME-Version: 1.0
Received: by 10.229.55.69 with SMTP id t5mr629097qcg.34.1258136527626; Fri, 13 Nov 2009 10:22:07 -0800 (PST)
In-Reply-To: <daf5b9570911081932r522a7bd6me1095cac2f264cb@mail.gmail.com>
References: <daf5b9570911060920i35c57b4ewdbe96968a73c86e5@mail.gmail.com> <3a880e2c0911061126t176e04ebjef1acd7fcb23efed@mail.gmail.com> <4AF77B77.40507@alcatel-lucent.com> <a123a5d60911081913w58af43f8g283138b984bb864f@mail.gmail.com> <daf5b9570911081932r522a7bd6me1095cac2f264cb@mail.gmail.com>
Date: Fri, 13 Nov 2009 10:22:07 -0800
Message-ID: <f98165700911131022s46bcb02dp2210f9709f13fd35@mail.gmail.com>
From: Breno <breno.demedeiros@gmail.com>
To: Brian Eaton <beaton@google.com>
Content-Type: multipart/alternative; boundary="0015175dd8b8cee418047844bc59"
Cc: Phillip Hallam-Baker <hallam@gmail.com>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] RSA vs PKI?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Nov 2009 18:21:41 -0000
Basically, the U.S. Government currently requires 256-bit symmetric encryption keys for the highest levels of security (documents whose confidentiality over the next several decades is a matter of national security). The 256-bit security requirement in symmetric keys compares to 512-bit in ECC but only to something like RSA-15,000. It is quite clear that nobody will ever deploy RSA-15,000 because it would be incredibly inefficient compared to ECC-512. So there is no point in estipulating RSA key sizes for the highest security settings. Generally, n bits of symmetic key security map to 2n bits of ECC security (currently published cryptanalytic research). However, the reduction of RSA security to symmetric security does not follow a linear relationship. On Sun, Nov 8, 2009 at 7:32 PM, Brian Eaton <beaton@google.com> wrote: > On Sun, Nov 8, 2009 at 7:13 PM, Phillip Hallam-Baker <hallam@gmail.com> > wrote: > > Now RSA 2048 is almost certainly enough for most things, but when you > > are a government agency you want the stuff you encrypt using RSA2048 > > on its last day of service life to be secure for another 20-30 years, > > possibly more. So while RSA 2048 has at least another 30 years left in > > it for authentication problems it is already reaching the end of its > > service life for certain confidentiality applications. > > > > > > I would suggest making RSA 2048 - SHA 256 the mandatory to implement > > and chose an ECC alternative from suite B. > > So the choice of RSA key length seems like something that different > applications could reasonably choose on their own, no? Do we really > need to include 2048 bit RSA in the spec, or is specifying RSA in > general sufficient? > > I suspect we do need to specify acceptable hash output lengths if > we're going to have decent interop. > > (I'm seriously pushing the bounds of my crypto knowledge here, so do > let me know if any of the above is nonsense.) > > Cheers, > Brian > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > -- Breno de Medeiros
- [OAUTH-WG] RSA vs PKI? Brian Eaton
- Re: [OAUTH-WG] RSA vs PKI? Infinity Linden (Meadhbh Hamrick)
- Re: [OAUTH-WG] RSA vs PKI? Igor Faynberg
- Re: [OAUTH-WG] RSA vs PKI? Phillip Hallam-Baker
- Re: [OAUTH-WG] RSA vs PKI? Brian Eaton
- Re: [OAUTH-WG] RSA vs PKI? Phillip Hallam-Baker
- Re: [OAUTH-WG] RSA vs PKI? Igor Faynberg
- Re: [OAUTH-WG] RSA vs PKI? Breno