Hiya,
On 23/07/2021 19:32, Peter Saint-Andre wrote:
> The authors of rfc7525bis have noticed that the Commercial National Security Algorithm Suite (CNSA) contains some strong recommendations regarding topics of interest, including 3072-bit RSA, 3072-bit DHE, and ECDHE with secp384r1. These recommendations and others are summarized in draft-cooley-cnsa-dtls-tls-profile (currently in the RFC Editor queue via the Independent Submissions stream). We are wondering if the WG thinks it makes sense to adopt some of these recommendations and informatively reference draft-cooley-cnsa-dtls-tls-profile from rfc7525bis.

If the rationale for each such change is explicitly provided and discussed then I'd be ok with adopting such changes. If not, then I'd be against. I have two reasons:

- ISTM one could read that draft as just being a general "turn it up a notch" which may be reasonable but I've also heard that once any potential quantum attack is feasible then 2048->3072 RSA won't really help (for long). So I'm not sure we should encourage people to make such changes - we may be better off trying to direct energies into PQC once the time is right (which it's not yet IMO).

- With all due respect to the author, (whom I do respect), in the light of dual-ec, I don't think unquestioningly accepting advice from NSA without an explanation of the rationale is an acceptable plan, no matter how sane the advice may appear.

Cheers,
S.

> Thanks.
>
> Peter

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
