On Mar 17, 2006, at 8:48 AM, Russ Housley wrote:
Security AD Advice
512-bit RSA keys are too short. They may be acceptable when the
crypto period is very short (say a week). I cannot envision most
administrators accepting the management burden associated with such
short crypto periods.
Proposed text:
Since short RSA keys are susceptible [to] off-line attacks, signers
MUST use RSA keys of at least 1024 bits for long-lived keys.
Receivers MUST be able to validate signatures with keys ranging
from 512 bits to 2048 bits, and they MAY be able to validate
signatures with larger keys. Security policies may use the length
of the signing key as one metric for determining whether a
signature is acceptable.
With respect to 2048 bit keys, there is already a placeholder in the
base draft for developing a much needed binary DKIM key. There was a
concern raised about utilizing the RFC2538 CERT #37 RR for this
purpose. I have assurances Paul Vixie will assist an effort by the
DKIM WG to utilize the CERT RR for the binary version of the DKIM key.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html