IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Updated RSA SHA-2 draft / New draft: SSH Extension Negotiation
Damien Miller <djm%mindrot.org@localhost> writes:
> On Sun, 8 Nov 2015, denis bider wrote:
>
> > (1) I have uploaded a new version of the RSA SHA-2 draft:
> >
> > https://tools.ietf.org/html/draft-rsa-dsa-sha2-256-02
>
> Some feedback on the draft:
...elided...
> Is it worthwhile to specify a minimum key size for the new signature
> schemes?
Hmmm... I am not sure. I would suggest a minimum of 2048 or 3072 would
seem to fit, but that might already be covered from RFC 4251 which has:
RFC 4251 Section 4.4 Security Properties says:
"All algorithms are used with cryptographically sound key sizes
that are believed to provide protection against even the strongest
cryptanalytic attacks for decades."
Do we believe that 112 bits of security will (i.e., RSA 2048-bit keys)
will last for decades? If not, do we want to go for RSA 3072-bit keys
with 128 bits of security (like AES-128) and SHA2-256?
Or, should we let the developers just choose what they will and hope for
the best?
-- Mark
Home |
Main Index |
Thread Index |
Old Index