Re: [lamps] RSA Key Length in draft-ietf-lamps-cmp-updates

David von Oheimb <nl0@von-Oheimb.de> Fri, 30 July 2021 20:17 UTC

To: Russ Housley <housley@vigilsec.com>, LAMPS WG <spasm@ietf.org>
References: <jlgeebfzxe5.fsf@redhat.com> <28004F91-3DF3-402E-865C-D9F223483F93@vigilsec.com>
From: David von Oheimb <nl0@von-Oheimb.de>
Message-ID: <2d741661-1527-d684-44d7-d155847707d3@von-Oheimb.de>
Date: Fri, 30 Jul 2021 22:17:44 +0200
In-Reply-To: <28004F91-3DF3-402E-865C-D9F223483F93@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/WYHOlWw_ZVQxOyYQH1MBCv5uUao>
Subject: Re: [lamps] RSA Key Length in draft-ietf-lamps-cmp-updates

On 30.07.21 17:29, Russ Housley wrote:
> draft-ietf-lamps-cmp-updates defines id-regCtrl-rsaKeyLen as:
>
>        RsaKeyLenCtrl ::= INTEGER
>
> At a minimum, I think we need to make this a positive integer.
>
> I see that other groups are pushing for bigger minimum key sizes for RSA and D-H.
>
> What do others think?

I don't think it's worth the hassle of making restrictions on key lengths 
at this point.

On 30.07.21 18:21, Salz, Rich wrote:
>>    Of course, a one bit RSA key is silly.
> Interesting philosophical question, I suppose. Is 1 a prime?

None of the usual key lengths (including RSA modulus size) is a prime.


On 30.07.21 17:32, Salz, Rich wrote:
>>     I see that other groups are pushing for bigger minimum key sizes for RSA and D-H.
> If we can avoid saying anything about this, that would probably be easiest.

I agree here.

In my view,

       RsaKeyLenCtrl ::= INTEGER

is entirely sufficient for the syntax of RSA key lengths.

It is understood that only sensible values should be used there,
and I see little point in trying to force users to do this at the syntactic 
level.

     David
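To make the distinction drawn in this thread concrete, the following is an added example (not code from draft-ietf-lamps-cmp-updates, the CMP implementation of any list participant, or the IETF): a minimal DER decoder for `RsaKeyLenCtrl ::= INTEGER`, followed by a separate policy check. The encoding admits zero and negative values, so positivity and any minimum or maximum length are enforced by the relying application rather than by the syntax. The `min_bits`/`max_bits` defaults, the `check_rsa_key_len` and `decode_der_integer` function names and all sample encodings are this example's own constructed assumptions.

```python
"""Decode a DER-encoded RsaKeyLenCtrl (ASN.1 INTEGER) and apply a policy check.

The ASN.1 syntax `RsaKeyLenCtrl ::= INTEGER` admits any integer, including zero
and negative values; whether a value is a sensible RSA modulus length is a
policy decision of the relying application, not a property of the encoding.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class KeyLenDecision:
    accepted: bool
    value: Optional[int]   # decoded integer, or None when the encoding is malformed
    reason: str


def decode_der_integer(der: bytes) -> int:
    """Decode one DER INTEGER (tag 0x02) and return its value.

    Enforces DER rules: definite-length (short or long form), at least one
    content octet, and no redundant leading 0x00 / 0xFF sign-extension octets.
    Raises ValueError on malformed input.
    """
    if len(der) < 2 or der[0] != 0x02:
        raise ValueError("not an ASN.1 INTEGER")
    first = der[1]
    if first < 0x80:
        length, idx = first, 2                      # short-form length
    else:
        n = first & 0x7F                            # number of length octets
        if n == 0 or n > 4 or len(der) < 2 + n:     # 0x80 = indefinite form, not DER
            raise ValueError("bad length encoding")
        length = int.from_bytes(der[2:2 + n], "big")
        if length < 0x80:
            raise ValueError("non-minimal long-form length")
        idx = 2 + n
    content = der[idx:idx + length]
    if len(content) != length or idx + length != len(der):
        raise ValueError("length does not match content")
    if length == 0:
        raise ValueError("INTEGER must have at least one content octet")
    if length > 1:
        # DER forbids sign-extension octets that carry no information.
        if content[0] == 0x00 and content[1] < 0x80:
            raise ValueError("non-minimal encoding (redundant 0x00)")
        if content[0] == 0xFF and content[1] >= 0x80:
            raise ValueError("non-minimal encoding (redundant 0xFF)")
    return int.from_bytes(content, "big", signed=True)


def check_rsa_key_len(der: bytes, min_bits: int = 2048, max_bits: int = 16384) -> KeyLenDecision:
    """Policy layer: decode, then require a positive length within [min_bits, max_bits].

    min_bits / max_bits are this example's assumed local policy; the draft
    itself does not specify such bounds.
    """
    try:
        value = decode_der_integer(der)
    except ValueError as exc:
        return KeyLenDecision(False, None, f"malformed: {exc}")
    if value <= 0:
        return KeyLenDecision(False, value, "key length must be positive")
    if value < min_bits:
        return KeyLenDecision(False, value, f"below local minimum of {min_bits} bits")
    if value > max_bits:
        return KeyLenDecision(False, value, f"above local maximum of {max_bits} bits")
    return KeyLenDecision(True, value, "accepted")


# Constructed sample encodings for this example (not taken from the draft or the list).
SAMPLES = {
    "2048": bytes.fromhex("02020800"),
    "3072": bytes.fromhex("02020c00"),
    "32768": bytes.fromhex("0203008000"),     # leading 0x00 required: 0x80.. would read as negative
    "zero": bytes.fromhex("020100"),
    "one": bytes.fromhex("020101"),           # syntactically valid INTEGER, semantically silly
    "minus_one": bytes.fromhex("0201ff"),
    "non_minimal": bytes.fromhex("0202007f"), # BER-legal, DER-illegal
}

if __name__ == "__main__":
    for name, der in SAMPLES.items():
        d = check_rsa_key_len(der)
        print(f"{name:12s} {der.hex():12s} -> {str(d.accepted):5s} {d.value} ({d.reason})")
```

Running the block prints one line per sample: the syntax layer accepts 0, 1 and -1 as well-formed INTEGERs and only rejects the non-DER encoding, while the policy layer is what turns "sensible values only" into an actual check with locally chosen bounds.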