Paul,
These sound reasonable. To resolve the 2nd comment I'm deleting the
sentence, which Tony also commented on.
spt
-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Paul
Hoffman
Sent: Wednesday, March 19, 2008 4:43 PM
To: Turner, Sean P.; ietf-smime(_at_)imc(_dot_)org
Subject: Re: S/MIME v3.2 IDs key size text
At 3:07 PM -0400 3/19/08, Turner, Sean P. wrote:
In 3850bis, the update is to section 4.3 (this is the only sentence
that refers to key sizes):
(old) Key sizes from 512 bits to 2048 bits MUST be supported.
(new) Key sizes from 1024 bits to 2048 bits MUST be supported.
This is about verification, not about signing. Why should we
increase it from 512 bits? I support leaving it as in RFC 3850
at 512 bits.
In 3851bis, the update is to section 4.1:
(old) If an S/MIME agent needs to generate an RSA key pair, then the
S/MIME agent or some related administrative utility or function SHOULD
generate RSA key pairs using the following guidelines. A user agent
SHOULD generate RSA key pairs at a minimum key size of 768 bits. A
user agent MUST NOT generate RSA key pairs less than 512 bits long.
Creating keys longer than 1024 bits can cause some older S/MIME
receiving agents to not be able to verify signatures, but gives better
security and is therefore valuable. A receiving agent SHOULD be able
to verify signatures with keys of any size over 512 bits. Some agents
created in the United States have chosen to create 512 bit keys in
order to get more advantageous export licenses. However, 512 bit keys
are considered by many to be cryptographically insecure. Implementers
SHOULD be aware that multiple (active) key pairs can be associated
with a single individual. For example, one key pair can be used to
support confidentiality, while a different key pair can be used for
authentication.
(new) If an S/MIME agent needs to generate an RSA key pair, then the
S/MIME agent or some related administrative utility or function SHOULD
generate RSA key pairs using the following guidelines. A user agent
SHOULD generate RSA key pairs at a minimum key size of 1024 bits. A
user agent MUST NOT generate RSA key pairs less than 1024 bits long.
Creating keys longer than 1024 bits can cause some older S/MIME
receiving agents to not be able to verify signatures, but gives better
security and is therefore valuable. A receiving agent SHOULD be able
to verify signatures with keys of any size over 512 bits.
I fully disagree with "MUST NOT generate RSA key pairs less
than 1024 bits long". A signature that is of little value that
is only supposed to last a week is fine at 512 bits.
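Added example, not code from the drafts or from anyone on the list: a small checker that reads the modulus size out of a DER RSAPublicKey and reports how the old and new 3850bis/3851bis wording quoted above treats that size for key generation and for signature verification. The DER encoder/parser and the sample keys are constructed here for illustration; "over 512 bits" is read as strictly greater than 512.

```python
# Key-size thresholds (bits) taken from the old/new draft text above.
POLICY = {
    "old": {"gen_must_min": 512,  "gen_should_min": 768,  "verify_must": (512, 2048)},
    "new": {"gen_must_min": 1024, "gen_should_min": 1024, "verify_must": (1024, 2048)},
}
VERIFY_SHOULD_OVER = 512  # 3851bis 4.1 (both versions): SHOULD verify any size over 512

def _der_len_enc(n):
    """DER length: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(lb)]) + lb

def _der_int(value):
    # Extra byte of headroom keeps the sign bit clear; this is the minimal DER form.
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_len_enc(len(body)) + body

def der_rsa_public_key(n, e):
    """Encode RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    body = _der_int(n) + _der_int(e)
    return b"\x30" + _der_len_enc(len(body)) + body

def _der_len_dec(buf, i):
    first = buf[i]
    if first < 0x80:
        return first, i + 1
    count = first & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + count], "big"), i + 1 + count

def rsa_modulus_bits(der):
    """Return the bit length of the modulus in a DER RSAPublicKey."""
    if not der or der[0] != 0x30:
        raise ValueError("expected SEQUENCE")
    _, i = _der_len_dec(der, 1)
    if der[i] != 0x02:
        raise ValueError("expected INTEGER modulus")
    length, i = _der_len_dec(der, i + 1)
    return int.from_bytes(der[i:i + length], "big").bit_length()

def check_key_size(bits, text="new"):
    """Classify a modulus size under the 'old' or 'new' draft wording."""
    p = POLICY[text]
    if bits < p["gen_must_min"]:
        gen = "MUST NOT generate"
    elif bits < p["gen_should_min"]:
        gen = "allowed, but below SHOULD minimum"
    else:
        gen = "ok"
    lo, hi = p["verify_must"]
    if lo <= bits <= hi:
        ver = "MUST support"
    elif bits > VERIFY_SHOULD_OVER:
        ver = "SHOULD support"
    else:
        ver = "no requirement"
    return {"bits": bits, "generate": gen, "verify": ver}
```

Run `check_key_size(rsa_modulus_bits(der), "old")` and `"new"` on the same key to see exactly which keys the proposed change moves from "allowed" to "MUST NOT generate".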