RE #1: Seems right to copy text from RFC 4307.
RE #2: I think that 1024 and 2048 ought to be MUST. Other sizes MAY
RE #3: This seems to be the license agreement in question:
At 12:00 PM 12/5/2007, Turner, Sean P. wrote:
At the meeting we had some comments on the S/MIME v3.2 specs
(draft-ietf-smime-3850bis-00.txt and draft-ietf-smime-3851bis-00.txt):
1. Define SHOULD+, SHOULD-, and MUST-.
2. Update key size requirements and make sure you differentiate
between RSA/DSA and EC key sizes.
3. Check that there's no IPR wrt to ECDSA signed certificates and
using them with S/MIME.
For #1 - I'm going to copy the text from RFC4307.
For #3 - Turns out we're the 1st group to make ECDSA a SHOULD (of
any kind) so we've got our feelers out to see what we can shake loose.
For #2 RSA/DSA key sizes - There was some discussion that the RSA
key size that MUST be supported should be 1024-3076 and others felt
that it should be 1024-2048. What do people think?
For #2 EC key size - This discussion may be premature but what
should we make the sizes? Min 256 max 384?
Other comments are welcome.