IDS> Min_Cipher_Suite and Min_Cipher_Key_Length attributes

Randy Turner rturner at amalfisystems.com
Fri Jan 30 21:39:43 EST 2009


Hi Brian,

I think the IANA registry actually has the key length specified as
part of the suite enumeration.

Examples are:

TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256

There are other suites that don't specify numeric key sizes, but in
these cases, the algorithm itself (3DES for example) works with a
specific key size that doesn't vary.

In this case, we may be able to just specify that we're talking about
a minimum suite, with a reference to RFC 5246 and the IANA registry
itself.

Randy


On Jan 30, 2009, at 6:26 PM, Brian Smithson wrote:

> I am still wondering how these two attributes can be used in practice. I
> know that we can uniquely identify cipher suites using the IANA
> registry, but is there an authoritative source to specify that one suite
> is "more minimum" than another? And if you consider different key
> lengths that might be acceptable for a given suite, then can we really
> say that suite X is more minimum than suite Y even if an HCD supports a
> relatively long key length for X but only supports a relatively short
> one for Y?
>
> -- 
> Regards,
> Brian Smithson
> PM, Security Research
> PMP, CISSP, CISA, ISO 27000 PA
> Advanced Imaging and Network Technologies
> Ricoh Americas Corporation
> (408)346-4435
>
>
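
An added example, not part of the original thread: one way to derive a key length from an IANA suite name, as the reply above describes, and check it against a minimum key length. The function names, the `FIXED_KEY_BITS` table and the offered list are assumptions of this example; the suite names are registry names.

```python
import re
from collections import namedtuple

Suite = namedtuple("Suite", "key_exchange cipher key_bits mac")

# Ciphers whose suite names carry no number because the key size is fixed.
# Nominal key bits; this table is an assumption of the example, not a registry field.
FIXED_KEY_BITS = {"3DES_EDE": 168, "DES": 56, "IDEA": 128, "NULL": 0}

def parse_suite(name):
    """Split an IANA TLS suite name into its parts and derive the key length."""
    m = re.fullmatch(r"TLS_(.+)_WITH_(.+)", name)
    if not m:
        raise ValueError(f"not a TLS_*_WITH_* suite name: {name}")
    key_exchange, body = m.group(1), m.group(2).split("_")
    mac = body.pop()                      # last token names the MAC / PRF hash
    for i, tok in enumerate(body):
        if tok.isdigit():                 # explicit size, e.g. AES_128
            return Suite(key_exchange, "_".join(body[:i]), int(tok), mac)
    joined = "_".join(body)
    for cipher, bits in FIXED_KEY_BITS.items():
        if joined == cipher or joined.startswith(cipher + "_"):
            return Suite(key_exchange, cipher, bits, mac)
    # Refuse to guess: an unknown cipher must not pass a minimum check.
    raise ValueError(f"key length not derivable from name: {name}")

def meets_minimum(name, min_key_bits):
    """True if the suite's derived key length is at least min_key_bits."""
    return parse_suite(name).key_bits >= min_key_bits

def acceptable(offered, min_key_bits):
    """Filter a device's offered suites by a minimum key length."""
    return [s for s in offered if meets_minimum(s, min_key_bits)]

# Constructed sample of suites a device might offer.
OFFERED = [
    "TLS_RSA_WITH_NULL_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA256",
]

if __name__ == "__main__":
    for s in OFFERED:
        print(f"{s:34} {parse_suite(s).key_bits:>4} bits")
    print("at least 128 bits:", acceptable(OFFERED, 128))
```

Key length gives only a partial order: `TLS_RSA_WITH_RC4_128_SHA` and `TLS_RSA_WITH_AES_128_CBC_SHA256` both derive to 128 bits, so this check alone cannot say which of the two is "more minimum", which is the question raised in the quoted message.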
