Security AD Advice
512-bit RSA keys are too short. They may be acceptable when the
crypto period is very short (say a week). I cannot envision most
administrators accepting the management burden associated with such
short crypto periods.
Proposed text:
Since short RSA keys are susceptible off-line attacks, signers MUST
use RSA keys of at least 1024 bits for long-lived keys. Receivers
MUST be able to validate signatures with keys ranging from 512 bits
to 2048 bits, and they MAY be able to validate signatures with larger
keys. Security policies may use the length of the signing key as one
metric for determining whether a signature is acceptable.
Russ
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html