ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: S/MIME v3.2 IDs key size text

2008-03-25 10:44:11
from [Turner, Sean P.] [Permanent Link] 

Tony,

This sounds reasonable, I'll remove the sentence.

spt 


-----Original Message-----
From: Tony Capel [mailto:capel(_at_)comgate(_dot_)com] 
Sent: Wednesday, March 19, 2008 4:12 PM
To: 'Turner, Sean P.'; ietf-smime(_at_)imc(_dot_)org
Subject: RE: S/MIME v3.2 IDs key size text

My only concern is making key size generation requirements a 
MANDATORY part of this standard.  I understand it may have 
been appropriate in the past.

I agree with making non-mandatory RECOMMENDATIONS regarding 
key size generation.
Also agree with making support for minimum key size ranges 
mandatory.  And have no problems with the sizes proposed.

However MANDATING (MUST/MUST-NOT) the generation and use of 
specific minimum sizes (or algorithms for that matter) seems 
to me to be better addressed by Cert Policies, etc. - and 
indeed in many cases key generation and use ends up being 
imposed by the PKI design - and defined in the corresponding 
CP - anyway.

I agree the RFC should set out as mandatory the minimum 
specifications required to ensure a high likelihood of 
interoperability.  However, if users choose to use small keys 
(and are allowed to under their CP) then does this make the 
implementation non-compliant to S/MIME v3.2?  For example, if 
S/MIME is used to implement a compartmentalized security 
policy and used over a secure infrastructure, do we presume to 
say a 768 bit key is insufficient for this particular application?  

The only change I would suggest is to remove the sentence:
" A user agent MUST NOT generate RSA key pairs less than 1024 
bits long"

The previous sentence to this already captures the 
RECOMMENDATION against keys of less than 1024 anyway.

I think in earlier versions of the RFC it was appropriate to 
mandate minimum key sizes, but nowadays, we should leave this 
decision to the designers who are working against the threat 
and risk assessment (and sure, include recommendations aimed 
at less sophisticated users).

Tony


| -----Original Message-----
| From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
| [mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Turner, 
Sean P.
| Sent: March 19, 2008 3:08 PM
| To: ietf-smime(_at_)imc(_dot_)org
| Subject: S/MIME v3.2 IDs key size text
| 
| 
| 
| The key size text is the remaining issue with the S/MIME v3.2 IDs.  
| What I'm hoping to do is consensus on the text so we can 
issue a WG LC 
| on these two IDs. To make sure there's no confusion I've 
included the 
| old and new text from the two IDs. If you have comments on the new 
| text please be specific about the change you are proposing.
| 
| spt
| 
| --------------
| 
| In 3850bis, the update is to section 4.3 (this is the only sentence 
| that refers to key sizes):
| 
| (old) Key sizes from 512 bits to 2048 bits MUST be supported.
| 
| (new) Key sizes from 1024 bits to 2048 bits MUST be supported.
| 
| In 3851bis, the update is to section 4.1:
| 
| (old) If an S/MIME agent needs to generate an RSA key pair, then the 
| S/MIME agent or some related administrative utility or 
function SHOULD 
| generate RSA key pairs using the following guidelines.  A user agent 
| SHOULD generate RSA key pairs at a minimum key size of 768 bits.  A 
| user agent MUST NOT generate RSA key pairs less than 512 bits long. 
| Creating keys longer than 1024 bits can cause some older S/MIME 
| receiving agents to not be able to verify signatures, but 
gives better 
| security and is therefore valuable.  A receiving agent 
SHOULD be able 
| to verify signatures with keys of any size over 512 bits. 
Some agents 
| created in the United States have chosen to create 512 bit keys in 
| order to get more advantageous export licenses. However, 512 
bit keys 
| are considered by many to be cryptographically insecure. 
Implementers 
| SHOULD be aware that multiple (active) key pairs can be associated 
| with a single individual.  For example, one key pair can be used to 
| support confidentiality, while a different key pair can be used for 
| authentication.
| 
| (new) If an S/MIME agent needs to generate an RSA key pair, then the 
| S/MIME agent or some related administrative utility or 
function SHOULD 
| generate RSA key pairs using the following guidelines.  A user agent 
| SHOULD generate RSA key pairs at a minimum key size of 1024 bits.  A 
| user agent MUST NOT generate RSA key pairs less than 1024 bits long. 
| Creating keys longer than 1024 bits can cause some older S/MIME 
| receiving agents to not be able to verify signatures, but 
gives better 
| security and is therefore valuable.  A receiving agent 
SHOULD be able 
| to verify signatures with keys of any size over 512 bits.
| 
| - the last four sentences from old text were moved to the security 
| considerations.
|
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Review of RFC 3278 Update, ietf
Next by Date:  RE: S/MIME v3.2 IDs key size text, Turner, Sean P.
Previous by Thread:  RE: S/MIME v3.2 IDs key size text, Tony Capel
Next by Thread:  Re: S/MIME v3.2 IDs key size text, Paul Hoffman
Indexes:  [Date] [Thread] [Top] [All Lists]