On the EAP WG list, Lakshminath Dondeti has pointed out the problems with including a copy of the RFC 3766 Key Strength table in another document:

"Section 3.7 has a copy of the attack resistance table from RFC 3766.  It
is sufficient to provide a reference to that RFC.  There is no need to
reproduce the table in the eap-keying document.  In fact, if 3766 is
updated, the eap keying draft also needs to be updated; if 3766 is
simply referenced, the problem goes away."

This same argument can be made to remove the key strength table from RFC 2716bis. My recommendation is to change Note [3] in Section 5.1 to the following, removing the table:

  [3] BCP 86 [RFC3766] Section 5 offers advice on the required RSA or
  DH module and DSA subgroup size in bits, for a given level of attack
  resistance in bits. For example, a 2048-bit RSA key is recommended
  to provide 128-bit equivalent key strength.  The National Institute
  for Standards and Technology (NIST) also offers advice on appropriate
  key sizes in [SP800-57].



_______________________________________________
Emu mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/emu
