On Monday, March 21, 2016 10:38:43 am Hubert Kario wrote: > If your hardware really can't do anything better than 2048 bit RSA, it's > not LTS, it's a crippled embedded system, and it definitely shouldn't > get a stamp of approval "good for next X0 years" or anything similar > like a LTS moniker would imply.
+1 Frankly, I think this document should be renamed "Extended Support Profile", rather than "Long-term Support Profile" (and ESP instead of LTS). In anything even approaching the long-term, TLS is dead due to the need for post-quantum crypto, yet to be defined. I'm not even convinced this document is capable of defining a known-good set that can survive for ten years, so that text should really be relaxed significantly. (in this context, 10 years is not "long-term") The bare minimum anyone should be stating for a 10 year window is something like 3248 bit RSA or ~256 bit ECDSA/EdDSA, and only with the qualifier that upgrades will probably be needed at some point over the next decade. Hardware that can't handle this is not short or medium-term viable, let alone long-term. https://www.keylength.com/en/3/ Hardware needs to accommodate the viable specifications, not the other way around. If it takes a second or two to perform a handshake, then that's what it takes until it's upgraded/replaced. Dave _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
