Re: [TLS] Security today

To: "tls at ietf.org" <tls at ietf.org>
Subject: Re: [TLS] Security today
From: Mike <mike-list at pobox.com>
Date: Sat, 29 Mar 2008 09:58:32 -0700
Delivered-to: ietfarch-tls-web-archive at core3.amsl.com
Delivered-to: tls at core3.amsl.com
In-reply-to: <20080329042520.632171CBB6B at kilo.rtfm.com>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <47EC2A75.2050303 at pobox.com> <0685A6ED2CB5D245B49DD0B07C3636CC2A8D543BC7 at NA-EXMSG-C104.redmond.corp.microsoft.com> <47EC57A2.4030109 at pobox.com> <47ED2BAB.2070508 at canola-jones.com> <47ED520E.80309 at pobox.com> <20080329010805.259641CB236 at kilo.rtfm.com> <47EDC226.3080809 at pobox.com> <20080329042044.16A021CBADE at kilo.rtfm.com> <20080329042520.632171CBB6B at kilo.rtfm.com>
Sender: tls-bounces at ietf.org
User-agent: Thunderbird 2.0.0.12 (Windows/20080213)

>> This is all well-known material amply covered in the cryptographic
>> literature. I don't see any benefit in the TLS WG rehashing
>> this territory.

I think you have been involved too long to know what is well-known
to a total beginner (me 2 years ago).  It wasn't until very recently
that I figured out that it would be perfectly fine for a CA with a
2000-bit keycertsign certificate to issue a 4000-bit keyencipherment
certificate.  Everything I've read indicates that key sizes from the
end entity up through the root need to be non-decreasing (of course
they should for all the CA's in the chain).

> For that matter, much of it is in "SSL and TLS: Designing and
> Building Secure Systems"

I've just ordered a copy, using 1024-bit RSA_RC4_MD5 from Amazon.
(I hadn't bought it before since I had already implemented SSL and
TLS when I first came across it.)

Mike
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls

References:
- [TLS] Security today
  - From: Mike
- Re: [TLS] Security today
  - From: Michael Howard
- Re: [TLS] Security today
  - From: Mike
- Re: [TLS] Security today
  - From: Rodney Thayer
- Re: [TLS] Security today
  - From: Mike
- Re: [TLS] Security today
  - From: Eric Rescorla
- Re: [TLS] Security today
  - From: Mike
- Re: [TLS] Security today
  - From: Eric Rescorla
- Re: [TLS] Security today
  - From: Eric Rescorla

Prev by Date: Re: [TLS] Security today
Next by Date: Re: [TLS] Security today
Previous by thread: Re: [TLS] Security today
Next by thread: Re: [TLS] Security today
Index(es):
- Date
- Thread

Re: [TLS] Security today

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.