PKI operators anyone?
Joel Jaeggli
joelja at bogus.com
Wed Sep 5 19:29:22 UTC 2007
Erik Amundson wrote:
> Validity periods aside, we have experimented quite a bit with putting
> certs on everything we possibly can, and we've found that there are a
> whole lot of products that can't handle root key sizes above 2048, some
> can't even handle anything larger than 1024.
>
> Included in the 'can't handle your root' list are several Cisco products
> (some products can handle 2048, some 1024, some 4096), and many software
> products that use an older Java version that has a max of 2048.
>
> This has always raised the question: Why do software authors think to
> implement PKI, but not think that key sizes will eventually grow over
> time? Seems very short-sighted to me.
Consider the hardware platforms some of these operations run on... It
takes a long time to generate 1024 bit dsa keys on a 20mhz motorola
68020. Using them in a key exchange is also expnsive on such hardware...
I think it's a safe assumption that there's some planned obsolence where
the software and hardware elements of the platform meet in the
cryptogrphic realm.
> I guess the option to choose for full interoperability is 1024 keys on
> all certs, but that is at a sacrifice of security on your higher-level
> certs...
>
> - Erik Amundson
>
>
> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
> Joe Maimon
> Sent: Wednesday, September 05, 2007 9:06 AM
> To: North American Networking and Offtopic Gripes List
> Subject: PKI operators anyone?
>
>
> MS-PRESS recommended design guidelines for multi-tier PKI systems for
> validity periods are along the lines of
>
> 8 years for the root
> 4 years for the "policy"
> 2 years for the "issuing"
> 1 year for the issued certificate
>
> This is ostensibly due to fears of brute force cracking of the private
> keys over the root key's validity period.
>
> Accompanied with this recommendation is one for key lengths of
>
> 4096 for the root
> 2048 for the policy
> 1024 for the issuing and for the issued.
>
> I have found the downside to this: Constant renewals every single year
> of either minor or major impact.
>
> While MS-AD pki client implementations seem to handle most of the
> (except for the root) resigning just fine, external implementation
> struggle with some details, such as "chaining up to the root" trusting
> (thereby only requiring them to trust the root cert) and such as
> trusting two different certs (for an issuing CA that gets resigned) but
> that have the same common name, hence loads of fun every 11 months or
> so.
>
> I am about to recommend a re implementation along these lines
>
> 80 years for the root, 4096bit key
> 35 years for the policy, 4096bit key
> 15 years for the issuing, ?bit key
> <=5 years for the issued certificates.
>
> Good idea? Bad Idea? Comments? Are all pki client implementation in the
> wild 4096bit compatible?
>
> Thanks in advance,
>
> Joe
>
More information about the NANOG
mailing list