1 / 6

Comments on the TS 102176 Part 1 v. 0.2.0

Review of TS 102176 Part 1 with suggestions to enhance Annex sections, including recommendations for RSA, ECC, and DSA parameters based on security levels. Questions raised on signature suites, OIDs, MD5, RSA vs. DSA, and EC(G)DSA support. Contact Dr. Georg Illies at BSI for more information.

craigrobert
Download Presentation

Comments on the TS 102176 Part 1 v. 0.2.0

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Comments on theTS 102176 Part 1 v. 0.2.0 Georg Illies Bundesamt für Sicherheit in der Informationstechnik Georg Illies / 25th November 2004

  2. Comments and Suggestions for the Annex • Annex C: Most of its content can be found already in the main part and in ISO/IEC 18032, so Annex C should be reduced to section C.2 • Annex D: Cite a paper on ECC parameters produced by the ECC Brainpool (to become an RFC): class number condition + standard curves • Annex G: Silverman´s method (predictions from any kinds of different challenges and algos) is dubious. Section G.3.2 is too „optimistic“.

  3. Recommendations for Chapter 10 No predictions for more than 10 years. Regard Lenstra/Verheul´s „computationally equivalent security“ analysis as „liberal view“ recommendations (alias „lower lower limit“) for the next 5-6 years. This is consistent with definitions 10.1 and 10.2 of the TS and section 1.3 of the L/V paper. After 6 years even L/V is maybe not enough as „unexpected progress“ becomes more probable. Try to get an almost equal security level for all components.

  4. Recommendations for Chapter 10(„lower lower limit“) RSA: 1024 for 3 years >1250 for 5 years 2048 for 8 years ? for 10 years ECC: order q of base point: 160 bit for 2 years 180 bit for 5 years 224 bit for 8 years DSA: similar as RSA and ECC but bit-lengths and hash functions should be compatible with FIPS 186-3. level: about 80 bits for 5-6 years, about 100 bit after that

  5. Questions about Chapters 7, 11 and 12 Which signature suites should be added, which OIDs should be added? Shouldn´t MD5 be banned from the TS? What is the reason for prefering DSA rather than RSA in 12.2.2 and 12.2.5? Wouldn´t it make sense to add items „May support EC(G)DSA“ to all the tables in 12.2?

  6. Contact Bundesamt für Sicherheit in der Informationstechnik (BSI) Dr. Georg Illies Postfach 20 03 63 D-53133 Bonn Germany Tel: +49 (0)1888-9582-658 Fax: +49 (0)1888-9582-90658 georg.illies@bsi.bund.de www.bsi.bund.de www.bsi-fuer-buerger.de

More Related