At the meeting we had some comments on the S/MIME v3.2 specs
(draft-ietf-smime-3850bis-00.txt and draft-ietf-smime-3851bis-00.txt):
1. Define SHOULD+, SHOULD-, and MUST-.
2. Update key size requirements and make sure you differentiate between
RSA/DSA and EC key sizes.
3. Check that there's no IPR wrt to ECDSA signed certificates and using
them with S/MIME.
For #1 - I'm going to copy the text from RFC4307.
For #3 - Turns out we're the 1st group to make ECDSA a SHOULD (of any kind)
so we've got our feelers out to see what we can shake loose.
For #2 RSA/DSA key sizes - There was some discussion that the RSA key size
that MUST be supported should be 1024-3076 and others felt that it should be
1024-2048. What do people think?
For #2 EC key size - This discussion may be premature but what should we
make the sizes? Min 256 max 384?
Other comments are welcome.
spt