ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

S/MIME v3.2 IDs key size text

2008-03-19 15:37:46
from [Turner, Sean P.] [Permanent Link] 

The key size text is the remaining issue with the S/MIME v3.2 IDs.  What I'm
hoping to do is consensus on the text so we can issue a WG LC on these two
IDs. To make sure there's no confusion I've included the old and new text
from the two IDs. If you have comments on the new text please be specific
about the change you are proposing.

spt

--------------

In 3850bis, the update is to section 4.3 (this is the only sentence that
refers to key sizes):

(old) Key sizes from 512 bits to 2048 bits MUST be supported.

(new) Key sizes from 1024 bits to 2048 bits MUST be supported.

In 3851bis, the update is to section 4.1:

(old) If an S/MIME agent needs to generate an RSA key pair, then the S/MIME
agent or some related administrative utility or function SHOULD generate RSA
key pairs using the following guidelines.  A user agent SHOULD generate RSA
key pairs at a minimum key size of 768 bits.  A user agent MUST NOT generate
RSA key pairs less than 512 bits long. Creating keys longer than 1024 bits
can cause some older S/MIME receiving agents to not be able to verify
signatures, but gives better security and is therefore valuable.  A
receiving agent SHOULD be able to verify signatures with keys of any size
over 512 bits. Some agents created in the United States have chosen to
create 512 bit keys in order to get more advantageous export licenses.
However, 512 bit keys are considered by many to be cryptographically
insecure. Implementers SHOULD be aware that multiple (active) key pairs can
be associated with a single individual.  For example, one key pair can be
used to support confidentiality, while a different key pair can be used for
authentication.

(new) If an S/MIME agent needs to generate an RSA key pair, then the S/MIME
agent or some related administrative utility or function SHOULD generate RSA
key pairs using the following guidelines.  A user agent SHOULD generate RSA
key pairs at a minimum key size of 1024 bits.  A user agent MUST NOT
generate RSA key pairs less than 1024 bits long. Creating keys longer than
1024 bits can cause some older S/MIME receiving agents to not be able to
verify signatures, but gives better security and is therefore valuable.  A
receiving agent SHOULD be able to verify signatures with keys of any size
over 512 bits. 

- the last four sentences from old text were moved to the security
considerations.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: CAdES implementation. Complete Revocation References attribut e., Pope, Nick
Next by Date:  RE: S/MIME v3.2 IDs key size text, Tony Capel
Previous by Thread:  {Blocked Content} I-D ACTION:draft-ietf-smime-3851bis-01.txt, Internet-Drafts
Next by Thread:  RE: S/MIME v3.2 IDs key size text, Tony Capel
Indexes:  [Date] [Thread] [Top] [All Lists]