|
RE: Key Sizes in S/MIME v3.2
2008-02-20 10:34:08
As I dig around, I find that 1024 is pretty much the minimum that is
recommended. Both NIST (SP 800-78) and RSA
(http://www.rsa.com/rsalabs/node.asp?id=2004) recommend at least 1024 now.
Also, I'm not sure I've ever actually seen a 768-bit key in a certificate -
all I've seen for years now is 1024.
spt
-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Denis
Pinkas
Sent: Wednesday, February 20, 2008 11:34 AM
To: ietf-smime(_at_)imc(_dot_)org
Subject: Re: Key Sizes in S/MIME v3.2
How about for 3851bis: A user agent SHOULD generate RSA key
pairs at a
minimum key size of 1024 bits. A user agent MUST NOT
generate RSA key
pairs less than 1024 bits long.
With these two sentences there is no more room for key sizes
less than 1024 bits.
768 bits is still fully adequate, even we can recommend to use
1024 bits as the minimum.
Denis
I'll move the 768 back to 512 as suggested by Simon.
spt
-----Original Message-----
From: Russ Housley [mailto:housley(_at_)vigilsec(_dot_)com]
Sent: Wednesday, February 20, 2008 9:16 AM
To: Turner, Sean P.
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: RE: Key Sizes in S/MIME v3.2
Sean:
Given the proposed text, it sounds like you really want to say that
key sizes from 768 to 2048 bits must be supported, even
though you are
recommending 1024 bits as the minimum for newly generated keys.
Russ
At 07:17 AM 2/20/2008, Turner, Sean P. wrote:
I should have been clearer.
RFC 3850 current says (sec 4.3):
Key sizes from 512 bits to 2048 bits MUST be supported.
Suggesting it be replaced with:
Key sizes from 1024 bits to 2048 bits MUST be supported.
Here are the suggested changes RFC 3851 (sec 4.1):
If an S/MIME agent needs to generate an RSA key pair, then the
S/MIME agent or some related administrative utility or function
SHOULD generate RSA key pairs using the following
guidelines. A user
agent SHOULD generate RSA key pairs at a minimum key size of 1024
was 768 ^^^^
bits. A user
agent MUST NOT generate RSA key pairs less than 768 bits long.
Creating keys longer than
^^^ was 512
1024 bits can cause some older S/MIME receiving agents to not be
able to verify signatures, but gives better security and is
therefore
valuable. A receiving agent SHOULD be able to verify
signatures with
keys of any size over 768 bits. Some agents created in the United
^^^ was 512
States have chosen to create 512 bit keys in order to get more
advantageous export licenses. However, 512 bit keys are
considered
by many to be cryptographically insecure. Implementers SHOULD be
aware that multiple
(active) key pairs can be associated with a single
individual. For
example, one key pair can be used to support
confidentiality, while a
different key pair can be used for authentication.
Thoughts?
spt
-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Paul
Hoffman
Sent: Tuesday, February 19, 2008 1:42 PM
To: Turner, Sean P.; ietf-smime(_at_)imc(_dot_)org
Subject: Re: Key Sizes in S/MIME v3.2
At 11:34 AM -0500 2/19/08, Turner, Sean P. wrote:
>From the mail discussion we had in December, it's pretty
clear to me
that key sizes from 1024-2048 ought to be the MUST and other
key sizes are MAY.
I'm suggesting the following text:
Key sizes from 1024 bits to 2048 buts MUST be supported.
Keys sizes
larger than 2048 MAY be supported.
Sure.
Should we put a MUST NOT or SHOULD NOT in for key sizes
smaller than 1024?
MUST NOT or SHOULD NOT *what*? Generate, or validate?
Regards,
Denis Pinkas
|
|