get people to change their shorter keys. Or Mark's suggestion
may be better. Do we have any data on deployed key sizes?
Unfortunately we don't and getting it is non-trivial as it involves
deploying s/w. Maybe someone else does. I expect 512 to be rare, but
768 might be common.
I will note that it actually takes work to check the key size, so it's
an artificial constraint that may or may not be implemented very
well. (As an implementor I hold the belief that all artificial
constraints eventually bit-rot to zero).
Further, that sort of constraint is algorithm dependent. So the true
test is: if (rsa && keySize < limit)). A new algorithm may well have
completely different size limits or different safety dimensions to
check.
Is there experience in similar fields to the success or otherwise of
imposing minimum safety limits? S/MIME, PGP, SSL?
Mark.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html