Russ,
This sounds reasonable. I replace the following sentence in 3851bis:
A receiving agent SHOULD be able to verify signatures with keys of any size
over 512 bits.
with
A receiving agent SHOULD be able to verify signatures with keys up to 16384
bits.
spt
-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Russ
Housley
Sent: Wednesday, March 19, 2008 4:48 PM
To: Turner, Sean P.; ietf-smime(_at_)imc(_dot_)org
Subject: Re: S/MIME v3.2 IDs key size text
Sean:
A receiving agent SHOULD be able to verify signatures with
keys of any
size over 512 bits.
This is asking for denial of service attack. What if someone
sends a certificate that contains a 64Kbit value claiming to
be a public key and a blob of random bits claiming to be a
signature? The amount of time to check the signature (and
probably find that it is not valid) is onerous.
Today, I cannot imagine someone making use of a public key
larger than 8192 bits. Double that it you want to be very
future proof.
Russ