On Fri, Jul 23, 2021 at 3:37 PM Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote:
> > Hiya, > > On 23/07/2021 19:32, Peter Saint-Andre wrote: > > The authors of rfc7525bis have noticed that the Commercial National > > Security Algorithm Suite (CNSA) contains some strong recommendations > > regarding topics of interest, including 3072-bit RSA, 3072-bit DHE, and > > ECDHE with secp384r1. These recommendations and others are summarized in > > draft-cooley-cnsa-dtls-tls-profile (currently in the RFC Editor queue > > via the Independent Submissions stream). We are wondering if the WG > > thinks it makes sense to adopt some of these recommendations and > > informatively reference draft-cooley-cnsa-dtls-tls-profile from > rfc7525bis. > > If the rationale for each such change is explicitly provided > and discussed then I'd be ok with adopting such changes. If > not, then I'd be against. > The current draft just lists the rationale as "because CNSA says so" ( re: https://www.cnss.gov/CNSS/issuances/Policies.cfm ). I have two reasons: > > - ISTM one could read that draft as just being a general > "turn it up a notch" which may be reasonable but I've also > heard that once any potential quantum attack is feasible > then 2048->3072 RSA won't really help (for long). So I'm not > sure we should encourage people to make such changes - we > may be better off trying to direct energies into PQC once > the time is right (which it's not yet IMO). > Agreed; namely, that these do not appear appropriate nor relevant for RFC 7525bis as presently stated and justified, and do not support such integration.
_______________________________________________ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta
