ietf-smime
[Top] [All Lists]

RE: Comments on x942-05 draft

1999-02-19 06:19:44
I'm trying to mind p's and q's here ;-).  I was questioning the last
sentence in 2.2's 2nd paragraph, which states "p must be a minimum of 160
bits long", recognizing X9.42's recommendation for a significantly larger p.
Earlier in the same paragraph, there's a separate statement about q being at
least 160 bits; I wasn't asking about that or private key sizes, just
specifically about p. 

--jl

----------
From:         EKR[SMTP:ekr(_at_)rtfm(_dot_)com]
Sent:         Wednesday, February 17, 1999 5:19 PM
To:   Russ Housley
Cc:   jlinn(_at_)securitydynamics(_dot_)com; ietf-smime(_at_)imc(_dot_)org
Subject:      Re: Comments on x942-05 draft

Russ Housley <housley(_at_)spyrus(_dot_)com> writes:

John said:
In 2.2, 2nd paragraph, suggest changing "...m MUST be >=160" -> "...m
MUST
be >= 160 bits in length". Later in the paragraph, is 160 bits
intended as
the appropriate minimum length for p?  (Note, by comparison, that
X9.42
requires a multiple of 256 bits with a minimum of 512.)

Then Eric replied:
I'd prefer 160. 512 seems like overkill, and has unpleasant performance
tradeoffs.

I do not have a problem allowing people to have 512-bit private keys.
The
performance impact is imposed on themselves.  I also think that we
should
permit 160-bit private keys for those people that belive 80-bit security
is
useful.

In summary, I think that we should allow private keys to be between 160
and
512 bits.
That's no problem, but John indicates that X9.42 has a MINIMUM of 512,
which I consider unacceptable.

As far as I'm concerned people should be allowed to go up to |p|

-Ekr


-- 
[Eric Rescorla                                   ekr(_at_)rtfm(_dot_)com]