What the document says is "You need to do this" not "This is what the world
currently does"
Personally I think we should probably push the limit to 4096 on the upper
end.
Jim
-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org [mailto:owner-ietf-
smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Peter Gutmann
Sent: Wednesday, December 05, 2007 7:12 PM
To: ietf-smime(_at_)imc(_dot_)org; martin(_at_)voltage(_dot_)com;
turners(_at_)ieca(_dot_)com
Subject: RE: Comments on S/MIME v3.2
"Luther Martin" <martin(_at_)voltage(_dot_)com> writes:
With respect to the RSA key sizes, I see lots of demand for 3072-bit
keys,
but not much for 2048-bit, so I'd be very inclined to make the range
1024 to
3072. To be compatible with AES, you need at least 3072, after all.
How widely supported are values > 2K bits in hardware and crypto
toolkits?
The last time I looked (which admittedly was a few years ago), you ran
into
problems if you assumed that everyone could handle > 2K bit keys.
Peter.