At 3:46 PM -0400 10/8/06, Cat Okita wrote:
On Fri, 6 Oct 2006, Joe Abley wrote:
This kind of advice regarding specific key lengths and lifetimes
seems to change over time -- the key sizes get longer and the
validity periods get shorter -- presumably as a result of ongoing
research and improved capabilities of the machinery which can be
used to break keys.
By specifying absolute values for the algorithm and the key size,
this document leaves us only with the validity period, and changing
that in many cases is going to involve talking to a customer to
reissue a certificate. Talking to customers is expensive.
I would strongly suggest that if absolutely necessary, the key size
and algorithm not not be fixed, but that a basic compatibility
requirement
should be set. All of the PXIX working group documents that I've
checked through avoid the pitfall of specifying an absolute
algorithm/key size - and I strongly suspect that there are far more
cryptographers there than here.
As co-chair of PKIX I can explain why we don't put algorithms or key
sizes into those standards, but why they are relevant here.
PKIX standards focus on formats and processing algorithms for certs
and CRLs in all Internet contexts. Thus we don't make ANY algorithms,
much less key sizes, standard. Different application need not use
the same certs and thus can use different algorithms for cert
signing/verification without imposing any interoperability issues.
Also, some applications are uses in closed communities and thus
different sets of users can employ different algorithms for their
certs without interoperability concerns.
What PKIX does allow is publication of standards on HOW to represent
info about a given algorithm in a cert. So, for example, we say how
to represent RSA, DH, DSA, and EC DSA algorithms and associated
parameters. We also cite appropriate hash algorithms and the OIDs
that represent the use of one of these hash algorithms with a
signature algorithm.
In the SIDR context, we are discussing a single application, and for
use in the public Internet, it helps immensely if the same algorithm
is used everywhere. However, it is fair to say that we could avoid
algorithm references in a SIDR cert profile, which could be used in
closed Internets as well as the public Internet, and just put the
algorithm and key size info into a CP for the public Internet
instance of SIDR.
Steve
_______________________________________________
Sidr mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/sidr
