PKI operators anyone?

Joel Jaeggli joelja at bogus.com
Wed Sep 5 19:29:22 UTC 2007


Erik Amundson wrote:
> Validity periods aside, we have experimented quite a bit with putting
> certs on everything we possibly can, and we've found that there are a
> whole lot of products that can't handle root key sizes above 2048, some
> can't even handle anything larger than 1024.
> 
> Included in the 'can't handle your root' list are several Cisco products
> (some products can handle 2048, some 1024, some 4096), and many software
> products that use an older Java version that has a max of 2048.
> 
> This has always raised the question: Why do software authors think to
> implement PKI, but not think that key sizes will eventually grow over
> time?  Seems very short-sighted to me.

Consider the hardware platforms some of these operations run on... It
takes a long time to generate 1024 bit dsa keys on a 20mhz motorola
68020. Using them in a key exchange is also expnsive on such hardware...
I think it's a safe assumption that there's some planned obsolence where
the software and hardware elements of the platform meet in the
cryptogrphic realm.

> I guess the option to choose for full interoperability is 1024 keys on
> all certs, but that is at a sacrifice of security on your higher-level
> certs...
> 
> - Erik Amundson
> 
> 
> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
> Joe Maimon
> Sent: Wednesday, September 05, 2007 9:06 AM
> To: North American Networking and Offtopic Gripes List
> Subject: PKI operators anyone?
> 
> 
> MS-PRESS recommended design guidelines for multi-tier PKI systems for 
> validity periods are along the lines of
> 
> 8 years for the root
> 4 years for the "policy"
> 2 years for the "issuing"
> 1 year for the issued certificate
> 
> This is ostensibly due to fears of brute force cracking of the private 
> keys over the root key's validity period.
> 
> Accompanied with this recommendation is one for key lengths of
> 
> 4096 for the root
> 2048 for the policy
> 1024 for the issuing and for the issued.
> 
> I have found the downside to this: Constant renewals every single year 
> of either minor or major impact.
> 
> While MS-AD pki client implementations seem to handle most of the 
> (except for the root) resigning just fine, external implementation 
> struggle with some details, such as "chaining up to the root" trusting 
> (thereby only requiring them to trust the root cert) and such as 
> trusting two different certs (for an issuing CA that gets resigned) but 
> that have the same common name, hence loads of fun every 11 months or
> so.
> 
> I am about to recommend a re implementation along these lines
> 
> 80 years for the root, 4096bit key
> 35 years for the policy, 4096bit key
> 15 years for the issuing, ?bit key
> <=5 years for the issued certificates.
> 
> Good idea? Bad Idea? Comments? Are all pki client implementation in the 
> wild 4096bit compatible?
> 
> Thanks in advance,
> 
> Joe
> 




More information about the NANOG mailing list