ietf-smime

Key pair generation in MSG

1998-03-17 18:47:39
Hi again. Section 4.1 of MSG says:

  A user agent SHOULD generate RSA key pairs at a minimum key size of
  768 bits and a maximum key size of 1024 bits. A user agent MUST NOT
  generate RSA key pairs less than 512 bits long. ...stuff about 512...

I think having a maximum size on the key, even as a SHOULD, is a bad idea.
This is a leftover from earlier S/MIME where some toolkits couldn't verify
with key sizes over 1024. Other applications are requiring keys longer than
1024 bits, and it would be good if those keys were usable with S/MIME. I
propose the above wording be changed to:

  A user agent SHOULD generate RSA key pairs at a minimum key size of
  768 bits. A user agent MUST NOT generate RSA key pairs less than 512
  bits long. Creating keys longer than 1024 bits may cause some older
  S/MIME receiving agents to not be able to verify signatures, but gives
  better security and is therefore valuable. A receiving agent SHOULD be
  able to verify signatures with keys of any size over 512 bits.

  ...stuff about 512...


--Paul Hoffman, Director
--Internet Mail Consortium
