
RE: Key Sizes in S/MIME v3.2

2008-02-20 06:14:26

-----Original Message-----
From: owner-ietf-smime@mail.imc.org [mailto:owner-ietf-smime@mail.imc.org] On Behalf Of Turner, Sean P.
Sent: Wednesday, February 20, 2008 7:17 AM
To: ietf-smime@imc.org
Subject: RE: Key Sizes in S/MIME v3.2


I should have been clearer.

RFC 3850 currently says (sec 4.3):

Key sizes from 512 bits to 2048 bits MUST be supported. 

Suggesting it be replaced with:

Key sizes from 1024 bits to 2048 bits MUST be supported. 

Here are the suggested changes to RFC 3851 (sec 4.1):
If an S/MIME agent needs to generate an RSA key pair, then the S/MIME agent or some related administrative utility or function SHOULD generate RSA key pairs using the following guidelines. A user agent SHOULD generate RSA key pairs at a minimum key size of 1024 bits [was 768]. A user agent MUST NOT generate RSA key pairs less than 768 bits [was 512] long. Creating keys longer than 1024 bits can cause some older S/MIME receiving agents to not be able to verify signatures, but gives better security and is therefore valuable. A receiving agent SHOULD be able to verify signatures with keys of any size over 768 bits [was 512]. Some agents created in the United States have chosen to create 512 bit keys in order to get more advantageous export licenses. However, 512 bit keys are considered by many to be cryptographically insecure. Implementers SHOULD be aware that multiple (active) key pairs can be associated with a single individual. For example, one key pair can be used to support confidentiality, while a different key pair can be used for authentication.

Thoughts?

spt

-----Original Message-----
From: owner-ietf-smime@mail.imc.org [mailto:owner-ietf-smime@mail.imc.org] On Behalf Of Paul Hoffman
Sent: Tuesday, February 19, 2008 1:42 PM
To: Turner, Sean P.; ietf-smime@imc.org
Subject: Re: Key Sizes in S/MIME v3.2


At 11:34 AM -0500 2/19/08, Turner, Sean P. wrote:
> From the mail discussion we had in December, it's pretty clear to me
> that key sizes from 1024-2048 ought to be the MUST and other key sizes
> are MAY.
> I'm suggesting the following text:
>
> Key sizes from 1024 bits to 2048 bits MUST be supported. Key sizes
> larger than 2048 MAY be supported.

Sure.

> Should we put a MUST NOT or SHOULD NOT in for key sizes smaller than
> 1024?

MUST NOT or SHOULD NOT *what*? Generate, or validate?



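As an added illustration of the rules being discussed in this thread (this code is not part of any message above, nor of RFC 3850/3851 or any S/MIME implementation), the following Python shows how a receiving agent could pull the modulus size out of a PKCS#1 RSAPublicKey DER blob and classify it against the generate / verify / support thresholds quoted in the proposed text. The thresholds (768, 1024, 2048) are the thread's; the minimal DER encoder and decoder, the function names, and the sample moduli are this example's own constructions, and the sample moduli are not real RSA keys.

```python
# Added example, not part of the thread, RFC 3850/3851, or any S/MIME agent:
# check an RSA public key's modulus size against the key-size text proposed
# above.  Thresholds come from the thread; DER helpers, function names and the
# constructed sample moduli are this example's own.

# From the proposed RFC 3851 sec 4.1 / RFC 3850 sec 4.3 text.
GENERATE_MUST_NOT_BELOW = 768   # "MUST NOT generate RSA key pairs less than 768 bits long"
GENERATE_SHOULD_MIN = 1024      # "SHOULD generate RSA key pairs at a minimum key size of 1024 bits"
VERIFY_SHOULD_ABOVE = 768       # "SHOULD be able to verify signatures with keys of any size over 768 bits"
SUPPORT_MUST_MIN, SUPPORT_MUST_MAX = 1024, 2048   # "1024 bits to 2048 bits MUST be supported"


def _der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_integer(value: int) -> bytes:
    """DER INTEGER for a non-negative value; the extra byte keeps the sign bit clear when needed."""
    content = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_length(len(content)) + content


def encode_rsa_public_key(modulus: int, exponent: int) -> bytes:
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    content = _der_integer(modulus) + _der_integer(exponent)
    return b"\x30" + _der_length(len(content)) + content


def _read_tlv(data: bytes, offset: int, expected_tag: int):
    """Return (content, next_offset) for the DER element at offset, checking its tag."""
    if offset + 2 > len(data):
        raise ValueError("truncated DER element")
    if data[offset] != expected_tag:
        raise ValueError(f"expected tag 0x{expected_tag:02x} at offset {offset}")
    first = data[offset + 1]
    if first < 0x80:
        length, start = first, offset + 2
    else:
        num_bytes = first & 0x7F
        length = int.from_bytes(data[offset + 2:offset + 2 + num_bytes], "big")
        start = offset + 2 + num_bytes
    end = start + length
    if end > len(data):
        raise ValueError("truncated DER element")
    return data[start:end], end


def rsa_modulus_bits(der: bytes) -> int:
    """Parse an RSAPublicKey and return the modulus size in bits (rejects trailing or extra data)."""
    seq, end = _read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after RSAPublicKey")
    modulus_bytes, next_off = _read_tlv(seq, 0, 0x02)
    _exponent_bytes, next_off = _read_tlv(seq, next_off, 0x02)
    if next_off != len(seq):
        raise ValueError("unexpected extra field in RSAPublicKey")
    return int.from_bytes(modulus_bytes, "big").bit_length()


def classify_key_size(bits: int) -> dict:
    """Map a modulus size to the generate / verify / support rules in the proposed text."""
    if bits < GENERATE_MUST_NOT_BELOW:
        generate = "MUST NOT"
    elif bits < GENERATE_SHOULD_MIN:
        generate = "below SHOULD minimum"   # allowed, but against the SHOULD
    else:
        generate = "OK"
    verify = "SHOULD" if bits > VERIFY_SHOULD_ABOVE else "not required"
    if SUPPORT_MUST_MIN <= bits <= SUPPORT_MUST_MAX:
        support = "MUST"
    elif bits > SUPPORT_MUST_MAX:
        support = "MAY"
    else:
        support = "not required"   # the thread leaves <1024 open (MUST NOT vs SHOULD NOT)
    return {"bits": bits, "generate": generate, "verify": verify, "support": support}


def check_der_key(der: bytes) -> dict:
    """Convenience wrapper: DER RSAPublicKey in, rule classification out."""
    return classify_key_size(rsa_modulus_bits(der))


def _sample_modulus(bits: int) -> int:
    """Constructed odd number of exactly `bits` bits; stands in for a modulus, not a real key."""
    return (1 << (bits - 1)) | 1


if __name__ == "__main__":
    for size in (512, 768, 1024, 2048, 4096):
        print(check_der_key(encode_rsa_public_key(_sample_modulus(size), 65537)))
```

The decoder deliberately refuses trailing bytes and extra fields, since a size check that silently accepts malformed input is easy to bypass; a real agent would of course take the modulus from the certificate's SubjectPublicKeyInfo rather than a bare RSAPublicKey.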