We also have http://www.ietf.org/ietf/IPR/CERTICOM-ECDSA
spt
-----Original Message-----
From: Russ Housley [mailto:housley(_at_)vigilsec(_dot_)com]
Sent: Wednesday, December 05, 2007 4:30 PM
To: Turner, Sean P.; ietf-smime(_at_)imc(_dot_)org
Subject: Re: Comments on S/MIME v3.2
RE #1: Seems right to copy text from RFC 4307.
RE #2: I think that 1024 and 2048 ought to be MUST. Other
sizes MAY be supported.
RE #3: This seems to be the license agreement in question:
http://www.ietf.org/ietf/IPR/certicom_smime_license.pdf
At 12:00 PM 12/5/2007, Turner, Sean P. wrote:
At the meeting we had some comments on the S/MIME v3.2 specs
(draft-ietf-smime-3850bis-00.txt and draft-ietf-smime-3851bis-00.txt):
1. Define SHOULD+, SHOULD-, and MUST-.
2. Update key size requirements and make sure you differentiate
between RSA/DSA and EC key sizes.
3. Check that there's no IPR wrt to ECDSA signed certificates and
using them with S/MIME.
For #1 - I'm going to copy the text from RFC4307.
For #3 - Turns out we're the 1st group to make ECDSA a SHOULD (of any
kind) so we've got our feelers out to see what we can shake loose.
For #2 RSA/DSA key sizes - There was some discussion that the RSA key
size that MUST be supported should be 1024-3076 and others
felt that it
should be 1024-2048. What do people think?
For #2 EC key size - This discussion may be premature but what should
we make the sizes? Min 256 max 384?
Other comments are welcome.
spt