Table of Contents
Advertisement
Appendix
Export Considerations
Export Considerations
The HP Praesidium SpeedCard falls under the authority of U.S. export
controls policy and requires an export license.
The U.S. Government currently allows the export of only short (512-bit)
RSA cryptography when used for key establishment. Export of larger key
sizes, such as 1024-bit, is permitted when the field of use is limited to
authentication. If your web server needs to service foreign clients, it
would be sensible to configure SSL to use a short key for key
establishment and a long key for authentication.
Using separate keys for key establishment and authentication is more
secure and assists in meeting U.S. export laws, but carries even greater
computational cost -- two RSA private key operations rather than one.
Using separate keys may also be beneficial for supporting key recovery
systems. The export of longer key RSA cryptography is also possible for
narrower scope protocols than SSL, such as financial protocols. So,
although U.S. and other nations' export controls limit the export of
general purpose cryptography to short RSA keys, it is still likely that
long RSA keys will be the most commonly used.
48
Chapter 5
Advertisement
Table of Contents
