ietf-smime
[Top] [All Lists]

RE: S/MIME v3.2 IDs key size text

2008-03-25 07:48:42

Russ,

This sounds reasonable. I replace the following sentence in 3851bis:

A receiving agent SHOULD be able to verify signatures with keys of any size
over 512 bits.

with 

A receiving agent SHOULD be able to verify signatures with keys up to 16384
bits.

spt


-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org 
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Russ 
Housley
Sent: Wednesday, March 19, 2008 4:48 PM
To: Turner, Sean P.; ietf-smime(_at_)imc(_dot_)org
Subject: Re: S/MIME v3.2 IDs key size text


Sean:

A receiving agent SHOULD be able to verify signatures with 
keys of any 
size over 512 bits.

This is asking for denial of service attack.  What if someone 
sends a certificate that contains a 64Kbit value claiming to 
be a public key and a blob of random bits claiming to be a 
signature?  The amount of time to check the signature (and 
probably find that it is not valid) is onerous.

Today, I cannot imagine someone making use of a public key 
larger than 8192 bits.  Double that it you want to be very 
future proof.

Russ