ietf-smime

Re: S/MIME v3.2 IDs key size text

2008-03-19 14:05:19

At 3:07 PM -0400 3/19/08, Turner, Sean P. wrote:
> In 3850bis, the update is to section 4.3 (this is the only sentence that
> refers to key sizes):
>
> (old) Key sizes from 512 bits to 2048 bits MUST be supported.
>
> (new) Key sizes from 1024 bits to 2048 bits MUST be supported.

This is about verification, not about signing. Why should we increase it from 512 bits? I support leaving it as in RFC 3850 at 512 bits.


> In 3851bis, the update is to section 4.1:
>
> (old) If an S/MIME agent needs to generate an RSA key pair, then the S/MIME
> agent or some related administrative utility or function SHOULD generate RSA
> key pairs using the following guidelines.  A user agent SHOULD generate RSA
> key pairs at a minimum key size of 768 bits.  A user agent MUST NOT generate
> RSA key pairs less than 512 bits long. Creating keys longer than 1024 bits
> can cause some older S/MIME receiving agents to not be able to verify
> signatures, but gives better security and is therefore valuable.  A
> receiving agent SHOULD be able to verify signatures with keys of any size
> over 512 bits. Some agents created in the United States have chosen to
> create 512 bit keys in order to get more advantageous export licenses.
> However, 512 bit keys are considered by many to be cryptographically
> insecure. Implementers SHOULD be aware that multiple (active) key pairs can
> be associated with a single individual.  For example, one key pair can be
> used to support confidentiality, while a different key pair can be used for
> authentication.
>
> (new) If an S/MIME agent needs to generate an RSA key pair, then the S/MIME
> agent or some related administrative utility or function SHOULD generate RSA
> key pairs using the following guidelines.  A user agent SHOULD generate RSA
> key pairs at a minimum key size of 1024 bits.  A user agent MUST NOT
> generate RSA key pairs less than 1024 bits long. Creating keys longer than
> 1024 bits can cause some older S/MIME receiving agents to not be able to
> verify signatures, but gives better security and is therefore valuable.  A
> receiving agent SHOULD be able to verify signatures with keys of any size
> over 512 bits.

I fully disagree with "MUST NOT generate RSA key pairs less than 1024 bits long". A signature that is of little value that is only supposed to last a week is fine at 512 bits.
