Comments on the TS 102176 Part 1 v. 0.2.0 Georg Illies Bundesamt für Sicherheit in der Informationstechnik Georg Illies / 25th November 2004 Comments and Suggestions for the Annex Annex C: Most of its content can be found already in the main part and in ISO/IEC 18032, so Annex C should be reduced to section C.2 Annex D: Cite a paper on ECC parameters produced by the ECC Brainpool (to become an RFC): class number condition + standard curves Annex G: Silverman´s method (predictions from any kinds of different challenges and algos) is dubious. Section G.3.2 is too „optimistic“. Georg Illies 25.11.2004 Slide 2 Recommendations for Chapter 10 No predictions for more than 10 years. Regard Lenstra/Verheul´s „computationally equivalent security“ analysis as „liberal view“ recommendations (alias „lower lower limit“) for the next 5-6 years. This is consistent with definitions 10.1 and 10.2 of the TS and section 1.3 of the L/V paper. After 6 years even L/V is maybe not enough as „unexpected progress“ becomes more probable. Try to get an almost equal security level for all components. Georg Illies 25.11.2004 Slide 3 Recommendations for Chapter 10 („lower lower limit“) RSA: 1024 for 3 years >1250 for 5 years 2048 for 8 years ? for 10 years ECC: order q of base point: 160 bit for 2 years 180 bit for 5 years 224 bit for 8 years DSA: similar as RSA and ECC but bit-lengths and hash functions should be compatible with FIPS 186-3. level: about 80 bits for 5-6 years, about 100 bit after that Georg Illies 25.11.2004 Slide 4 Questions about Chapters 7, 11 and 12 Which signature suites should be added, which OIDs should be added? Shouldn´t MD5 be banned from the TS? What is the reason for prefering DSA rather than RSA in 12.2.2 and 12.2.5? Wouldn´t it make sense to add items „May support EC(G)DSA“ to all the tables in 12.2? Georg Illies 25.11.2004 Slide 5 Contact Bundesamt für Sicherheit in der Informationstechnik (BSI) Dr. Georg Illies Postfach 20 03 63 D-53133 Bonn Germany Tel: +49 (0)1888-9582-658 Fax: +49 (0)1888-9582-90658 georg.illies@bsi.bund.de www.bsi.bund.de www.bsi-fuer-buerger.de Georg Illies 25.11.2004 Slide 6