Michael Richardson writes:
> 
> Tero Kivinen <[email protected]> wrote:
>     > And he pointed out that this asks for mandatory to implemented key
>     > size for RSA to be 1024 or 2048-bits.
> 
> So, an implementation could support 1024 and 2048 bit key lengths, but not
> 1536 bit ones?

This is for the PKIX certificates in the authentication, and RFC7296
says that implementations MUST support RSA key sizes of 1024 and 2048
bits. People do not use PKIX certificates with key lengths of 1536
that much...

For the Diffie-Hellman implementations do use group 5, which is
1536-bit Diffie-Hellman group, but that is completely separate
discussion. 

> 
>     > I.e. should we modify this also while updating the RFC4307? We could
>     > add section about the mandatory to implement authentication methods,
>     > and specify which methods are to be used, for example require RSA key
>     > lengths of 2048 bits, and perhaps say that implementations SHOULD
>     > support RSA key lengths up to 4096 bits.
> 
> So, this is different than "2048" and "4096".
> This text would support a key length of 2304, for instance.

Yes. When you go over 2048 bits, people do not necessarily go to the
4096 bits. Some people do use other sizes too (3072 etc).

I think saying that 2048 bits MUST be supported is something we want
to specify if we add text about authentication key lengths. Adding
text that anything up to 4096 bits SHOULD be supported is also useful...
-- 
[email protected]
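The point Tero makes above, that "up to 4096 bits" is a range and not the set {1024, 2048, 4096}, is easy to get wrong in an implementation's certificate key-size check. The following is an added example (not code from the thread or from any IKEv2 implementation) showing the two readings side by side: a tiny DER reader that extracts the modulus bit length from a PKCS#1 RSAPublicKey, an allowlist check that wrongly rejects 2304- or 3072-bit keys, and a range check that accepts any size from 2048 up to 4096 bits. The threshold names (`LEGACY_MIN_BITS`, `REQUIRED_BITS`, `SHOULD_MAX_BITS`), the result strings and the `synthetic_modulus` helper are this example's own; the synthetic modulus is a constructed integer of the right width, not a real RSA key.

```python
"""RSA key-size policy check for IKEv2 certificate authentication (added example)."""
import random

# Thresholds taken from the discussion: RFC 7296 says 1024 and 2048 MUST be
# supported; the proposal is that 2048 MUST and anything up to 4096 SHOULD be
# supported. 1024 is treated as legacy here. Names are this example's own.
LEGACY_MIN_BITS = 1024
REQUIRED_BITS = 2048
SHOULD_MAX_BITS = 4096


def der_len(n):
    """Encode a DER definite-form length field."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def der_int(value):
    """Encode a non-negative integer as a DER INTEGER; a leading 0x00 is
    added when the top bit is set so the value is not read as negative."""
    b = value.to_bytes((value.bit_length() + 7) // 8, "big") or b"\x00"
    if b[0] & 0x80:
        b = b"\x00" + b
    return b"\x02" + der_len(len(b)) + b


def pkcs1_rsa_public_key(n, e=65537):
    """RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    body = der_int(n) + der_int(e)
    return b"\x30" + der_len(len(body)) + body


def read_tlv(buf, pos):
    """Read one DER TLV starting at pos; return (tag, value, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus_bits(der):
    """Modulus bit length of a PKCS#1 RSAPublicKey. The DER pad byte is not
    counted: we measure the integer, not the encoded octet string."""
    tag, seq, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, modulus, _ = read_tlv(seq, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER modulus")
    return int.from_bytes(modulus, "big").bit_length()


def allowlist_policy(bits):
    """Narrow reading: only exactly 1024/2048/4096. Rejects 2304 and 3072."""
    return bits in (1024, 2048, 4096)


def range_policy(bits, allow_legacy=False):
    """Range reading: 2048 MUST be accepted, anything up to 4096 SHOULD be."""
    if bits < LEGACY_MIN_BITS:
        return "reject"
    if bits < REQUIRED_BITS:
        return "accept-legacy" if allow_legacy else "reject"
    if bits <= SHOULD_MAX_BITS:
        return "accept"
    return "accept-beyond-should"  # above 4096: left to the implementation


def synthetic_modulus(bits, seed=1):
    """Constructed test value: an odd integer with exactly `bits` bits.
    It is NOT a real RSA modulus; it only has the right width."""
    rng = random.Random(seed)
    return (1 << (bits - 1)) | rng.getrandbits(bits - 1) | 1


if __name__ == "__main__":
    for size in (1536, 2048, 2304, 3072, 4096):
        der = pkcs1_rsa_public_key(synthetic_modulus(size))
        bits = rsa_modulus_bits(der)
        print(size, bits, "allowlist:", allowlist_policy(bits),
              "range:", range_policy(bits))
```

The check operates on the modulus bit length, which is what a peer's PKIX certificate actually carries; the allowlist version is the behaviour that would break interoperability with the 2304-bit example from the quoted message.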

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
