Hi again. Section 4.1 of MSG says:
A user agent SHOULD generate RSA key pairs at a minimum key size of
768 bits and a maximum key size of 1024 bits. A user agent MUST NOT
generate RSA key pairs less than 512 bits long. ...stuff about 512...
I think having a maximum size on the key, even as a SHOULD, is a bad idea.
This is a leftover from earlier S/MIME where some toolkits couldn't verify
with key sizes over 1024. Other applications are requiring keys longer than
1024 bits, and it would be good if those keys were usable with S/MIME. I
propose the above wording be changed to:
A user agent SHOULD generate RSA key pairs at a minimum key size of
768 bits. A user agent MUST NOT generate RSA key pairs less than 512
bits long. Creating keys longer than 1024 bits may cause some older
S/MIME receiving agents to not be able to verify signatures, but gives
better security and is therefore valuable. A receiving agent SHOULD be
able to verify signatures with keys of any size over 512 bits.
...stuff about 512...
--Paul Hoffman, Director
--Internet Mail Consortium