Re: IDS> Min_Cipher_Suite and Min_Cipher_Key_Length attributes

From: Ira McDonald (blueroofmusic@gmail.com)
Date: Sat Jan 31 2009 - 14:44:47 EST

Next message: Brian Smithson: "Re: IDS> Min_Cipher_Suite and Min_Cipher_Key_Length attributes"

Previous message: Randy Turner: "Re: IDS> Min_Cipher_Suite and Min_Cipher_Key_Length attributes"
In reply to: Randy Turner: "Re: IDS> Min_Cipher_Suite and Min_Cipher_Key_Length attributes"
Next in thread: Brian Smithson: "Re: IDS> Min_Cipher_Suite and Min_Cipher_Key_Length attributes"
Next in thread: Brian Smithson: "Re: IDS> Min_Cipher_Suite and Min_Cipher_Key_Length attributes"
Reply: Brian Smithson: "Re: IDS> Min_Cipher_Suite and Min_Cipher_Key_Length attributes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

I think we *also* want to add references to these two IETF BCPs:

RFC 3766 Determining Strengths For Public Keys Used For Exchanging
Symmetric Keys. H. Orman, P. Hoffman. April 2004. (Format: TXT=55939
bytes) (Also BCP0086) (Status: BEST CURRENT PRACTICE) (23 pages)

RFC 4086 Randomness Requirements for Security. D. Eastlake, 3rd, J.
     Schiller, S. Crocker. June 2005. (Format: TXT=114321 bytes)
     (Obsoletes RFC1750) (Also BCP0106) (Status: BEST CURRENT
     PRACTICE) (48 pages)

They are both, by the way, well worth reading.

Cheers,
- Ira
Ira McDonald (Musician / Software Architect)
Chair - Linux Foundation Open Printing WG
Blue Roof Music/High North Inc
email: blueroofmusic@gmail.com
winter:
  579 Park Place Saline, MI 48176
  734-944-0094
summer:
  PO Box 221 Grand Marais, MI 49839
  906-494-2434

On Fri, Jan 30, 2009 at 9:39 PM, Randy Turner <rturner@amalfisystems.com> wrote:
>
> Hi Brian,
> I think the IANA registry actually has the key length specified as part of
> the suite enumeration.
> Examples are:
> TLS_RSA_WITH_AES_128_CBC_SHA256
> TLS_RSA_WITH_AES_256_CBC_SHA256
> There are other suites that don't specify numeric key sizes, but in these
> cases, the algorithm itself
> (3DES for example) work with a specific key size that doesn't vary.
> In this case, we may be able to just specify that we're talking about a
> minimum suite, with a reference to RFC 5246 and
> the IANA registry itself.
> Randy
>
> On Jan 30, 2009, at 6:26 PM, Brian Smithson wrote:
>
> I am still wondering how these two attributes can be used in practice. I
> know that we can uniquely identify cipher suites using the IANA
> registry, but is there an authoritative source to specify that one suite
> is "more minimum" than another? And if you consider different key
> lengths that might be acceptable for a given suite, then can we really
> say that suite X is more minimum than suite Y even if an HCD supports a
> relatively long key length for X but only supports a relatively short
> one for Y?
>
> --
> Regards,
> Brian Smithson
> PM, Security Research
> PMP, CISSP, CISA, ISO 27000 PA
> Advanced Imaging and Network Technologies
> Ricoh Americas Corporation
> (408)346-4435
>
>
>
>

Next message: Brian Smithson: "Re: IDS> Min_Cipher_Suite and Min_Cipher_Key_Length attributes"
Previous message: Randy Turner: "Re: IDS> Min_Cipher_Suite and Min_Cipher_Key_Length attributes"
In reply to: Randy Turner: "Re: IDS> Min_Cipher_Suite and Min_Cipher_Key_Length attributes"
Next in thread: Brian Smithson: "Re: IDS> Min_Cipher_Suite and Min_Cipher_Key_Length attributes"
Next in thread: Brian Smithson: "Re: IDS> Min_Cipher_Suite and Min_Cipher_Key_Length attributes"
Reply: Brian Smithson: "Re: IDS> Min_Cipher_Suite and Min_Cipher_Key_Length attributes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Jan 31 2009 - 14:53:11 EST