attachment
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Thanks, Randy.<br>
<br>
So is our key length attribute redundant?<br>
<pre class="moz-signature" cols="76">--
Regards,
Brian Smithson
PM, Security Research
PMP, CISSP, CISA, ISO 27000 PA
Advanced Imaging and Network Technologies
Ricoh Americas Corporation
(408)346-4435</pre>
<br>
<br>
Randy Turner wrote:
<blockquote
cite="mid:559C3130-E786-4ABA-A748-39952663BB88@amalfisystems.com"
type="cite">
<div><br>
</div>
Hi Brian,
<div><br>
</div>
<div>I think the IANA registry actually has the key length specified
as part of the suite enumeration.</div>
<div><br>
</div>
<div>Examples are:</div>
<div><br>
</div>
<div><span class="Apple-style-span"
style="font-family: -webkit-sans-serif; font-size: 13px;"></span></div>
<div><span class="Apple-style-span"
style="border-collapse: collapse; font-family: -webkit-sans-serif; font-size: 13px;">TLS_RSA_WITH_AES_128_CBC_SHA256</span></div>
<div><font class="Apple-style-span" face="-webkit-sans-serif" size="3"><span
class="Apple-style-span"
style="border-collapse: collapse; font-size: 13px;">TLS_RSA_WITH_AES_256_CBC_SHA256</span></font></div>
<div><font class="Apple-style-span" face="-webkit-sans-serif" size="3"><span
class="Apple-style-span"
style="border-collapse: collapse; font-size: 13px;"><br>
</span></font></div>
<div><font class="Apple-style-span" face="-webkit-sans-serif" size="3"><span
class="Apple-style-span"
style="border-collapse: collapse; font-size: 13px;">There are other
suites that don't specify numeric key sizes, but in these cases, the
algorithm itself</span></font></div>
<div><font class="Apple-style-span" face="-webkit-sans-serif" size="3"><span
class="Apple-style-span"
style="border-collapse: collapse; font-size: 13px;">(3DES for example)
work with a specific key size that doesn't vary.</span></font></div>
<div><font class="Apple-style-span" face="-webkit-sans-serif" size="3"><span
class="Apple-style-span"
style="border-collapse: collapse; font-size: 13px;"><br>
</span></font></div>
<div><font class="Apple-style-span" face="-webkit-sans-serif" size="3"><span
class="Apple-style-span"
style="border-collapse: collapse; font-size: 13px;">In this case, we
may be able to just specify that we're talking about a minimum suite,
with a reference to RFC 5246 and</span></font></div>
<div><font class="Apple-style-span" face="-webkit-sans-serif" size="3"><span
class="Apple-style-span"
style="border-collapse: collapse; font-size: 13px;">the IANA registry
itself.</span></font></div>
<div><font class="Apple-style-span" face="-webkit-sans-serif" size="3"><span
class="Apple-style-span"
style="border-collapse: collapse; font-size: 13px;"><br>
</span></font></div>
<div><font class="Apple-style-span" face="-webkit-sans-serif" size="3"><span
class="Apple-style-span"
style="border-collapse: collapse; font-size: 13px;">Randy</span></font></div>
<div><font class="Apple-style-span" face="-webkit-sans-serif" size="3"><span
class="Apple-style-span"
style="border-collapse: collapse; font-size: 13px;"><br>
</span></font></div>
<div><font class="Apple-style-span" face="-webkit-sans-serif" size="3"><span
class="Apple-style-span"
style="border-collapse: collapse; font-size: 13px;"><br>
</span></font></div>
<div><span class="Apple-style-span"
style="font-family: -webkit-sans-serif; font-size: 13px;"></span>
<div>
<div>On Jan 30, 2009, at 6:26 PM, Brian Smithson wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">
<div>I am still wondering how these two attributes can be used in
practice. I<br>
know that we can uniquely identify cipher suites using the IANA<br>
registry, but is there an authoritative source to specify that one suite<br>
is "more minimum" than another? And if you consider different key<br>
lengths that might be acceptable for a given suite, then can we really<br>
say that suite X is more minimum than suite Y even if an HCD supports a<br>
relatively long key length for X but only supports a relatively short<br>
one for Y?<br>
<br>
-- <br>
Regards,<br>
Brian Smithson<br>
PM, Security Research<br>
PMP, CISSP, CISA, ISO 27000 PA<br>
Advanced Imaging and Network Technologies<br>
Ricoh Americas Corporation<br>
(408)346-4435<br>
<br>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
</body>
</html>