ietf-smime
[Top] [All Lists]

RE: Key Sizes in S/MIME v3.2

2008-02-20 10:34:08

As I dig around, I find that 1024 is pretty much the minimum that is
recommended. Both NIST (SP 800-78) and RSA
(http://www.rsa.com/rsalabs/node.asp?id=2004) recommend at least 1024 now.
Also, I'm not sure I've ever actually seen a 768-bit key in a certificate -
all I've seen for years now is 1024.

spt 

-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org 
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Denis 
Pinkas
Sent: Wednesday, February 20, 2008 11:34 AM
To: ietf-smime(_at_)imc(_dot_)org
Subject: Re: Key Sizes in S/MIME v3.2




How about for 3851bis: A user agent SHOULD generate RSA key 
pairs at a 
minimum key size of 1024 bits.  A user agent MUST NOT 
generate RSA key 
pairs less than 1024 bits long.

With these two sentences there is no more room for key sizes 
less than 1024 bits.
768 bits is still fully adequate, even we can recommend to use 
1024 bits as the minimum.

Denis

I'll move the 768 back to 512 as suggested by Simon.

spt
-----Original Message-----
From: Russ Housley [mailto:housley(_at_)vigilsec(_dot_)com]
Sent: Wednesday, February 20, 2008 9:16 AM
To: Turner, Sean P.
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: RE: Key Sizes in S/MIME v3.2

Sean:

Given the proposed text, it sounds like you really want to say that 
key sizes from 768 to 2048 bits must be supported, even 
though you are 
recommending 1024 bits as the minimum for newly generated keys.

Russ

At 07:17 AM 2/20/2008, Turner, Sean P. wrote:

I should have been clearer.

RFC 3850 current says (sec 4.3):

 Key sizes from 512 bits to 2048 bits MUST be supported.

Suggesting it be replaced with:

 Key sizes from 1024 bits to 2048 bits MUST be supported.

Here are the suggested changes RFC 3851 (sec 4.1):

 If an S/MIME agent needs to generate an RSA key pair,  then the 
S/MIME agent or some related administrative  utility or function 
SHOULD generate RSA key pairs  using the following
guidelines.  A user
agent SHOULD  generate RSA key pairs at a minimum key size of 1024
                                         was 768 ^^^^  
bits.  A user 
agent MUST NOT generate RSA key pairs  less than 768 bits long.
Creating keys longer than
           ^^^ was 512
 1024 bits can cause some older S/MIME receiving agents  to not be 
able to verify signatures, but gives better  security and is
therefore
valuable.  A receiving agent  SHOULD be able to verify
signatures with
keys of any  size over 768 bits. Some agents created in the United
           ^^^ was 512
 States have chosen to create 512 bit keys in order to  get more 
advantageous export licenses.  However, 512  bit keys are 
considered 
by many to be cryptographically  insecure. Implementers SHOULD be 
aware that multiple
 (active) key pairs can be associated with a single
individual.  For
example, one key pair can be used  to support
confidentiality, while a
different key pair  can be used for authentication.

Thoughts?

spt

-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org 
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Paul 
Hoffman
Sent: Tuesday, February 19, 2008 1:42 PM
To: Turner, Sean P.; ietf-smime(_at_)imc(_dot_)org
Subject: Re: Key Sizes in S/MIME v3.2


At 11:34 AM -0500 2/19/08, Turner, Sean P. wrote:
 >From the mail discussion we had in December, it's pretty
clear to me
that key sizes from 1024-2048 ought to be the MUST and other
key sizes are MAY.
I'm suggesting the following text:

Key sizes from 1024 bits to 2048 buts MUST be supported. 
Keys sizes
larger than 2048 MAY be supported.

Sure.

Should we put a MUST NOT or SHOULD NOT in for key sizes
smaller than 1024?

MUST NOT or SHOULD NOT *what*? Generate, or validate?





Regards,

Denis Pinkas




<Prev in Thread] Current Thread [Next in Thread>