Re: [lamps] RSA Key Length in draft-ietf-lamps-cmp-updates

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Fri, 30 July 2021 16:09 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/ILdXJZdR7blBeqAKGcCnged6RQk>

Russ, Rich

> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Salz, Rich
> 
> >   draft-ietf-lamps-cmp-updates defines id-regCtrl-rsaKeyLen as:
> 
>           RsaKeyLenCtrl ::= INTEGER
> 
>     At a minimum, I think we need to make this a positive integer.
> 
> Agreed.  And speaking of minimums:

Agreed. I only know the type INTEGER, for example in PollRepContent, where the checkAfter time (a time in seconds) also needs to be positive.
Should we use a different type here, or only express it in the comment?

> 
> >    I see that other groups are pushing for bigger minimum key sizes for RSA and D-H.
> 
> If we can avoid saying anything about this, that would probably be easiest.

In CMP Updates we could leave it open and in the Lightweight CMP Profile, we could specify it more concretely.

Hendrik
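
Added example, not part of the original message or of the draft: a receiver-side check for a value typed as plain INTEGER, as RsaKeyLenCtrl is in the quoted definition. It decodes a DER INTEGER strictly and rejects zero and negative values, which an unconstrained INTEGER permits on the wire. The function names and the `profile_min_bits` parameter (a minimum that a profile might set) are assumptions made for illustration.

```python
class DerError(ValueError):
    """Raised when the encoded value is malformed or out of range."""


def decode_der_integer(data: bytes) -> int:
    """Decode a single DER INTEGER (tag 0x02) that occupies all of `data`."""
    if len(data) < 3 or data[0] != 0x02:
        raise DerError("not a DER INTEGER")
    length, offset = data[1], 2
    if length & 0x80:  # long-form length: low 7 bits give the octet count
        n = length & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            raise DerError("unsupported or truncated length")
        length = int.from_bytes(data[2:2 + n], "big")
        if length < 0x80 or data[2] == 0:
            raise DerError("non-minimal length encoding")
        offset = 2 + n
    content = data[offset:]
    if length == 0 or len(content) != length:
        raise DerError("length mismatch")
    # DER requires the shortest two's-complement form of the value.
    if length > 1 and ((content[0] == 0x00 and content[1] < 0x80) or
                       (content[0] == 0xFF and content[1] >= 0x80)):
        raise DerError("non-minimal INTEGER encoding")
    return int.from_bytes(content, "big", signed=True)


def parse_rsa_key_len(der: bytes, profile_min_bits: int = 1) -> int:
    """Return the requested RSA key length in bits, or raise DerError.

    profile_min_bits is a hypothetical, profile-defined minimum; the
    default of 1 enforces only "positive integer".
    """
    value = decode_der_integer(der)
    if value <= 0:
        raise DerError(f"rsaKeyLen must be positive, got {value}")
    if value < profile_min_bits:
        raise DerError(f"rsaKeyLen {value} is below minimum {profile_min_bits}")
    return value


if __name__ == "__main__":
    # Constructed sample encodings: 2048, -1, 0, -2048.
    for sample in ("02020800", "0201ff", "020100", "0202f800"):
        try:
            print(sample, "->", parse_rsa_key_len(bytes.fromhex(sample)))
        except DerError as exc:
            print(sample, "-> rejected:", exc)
```
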