ietf-smime

RE: S/MIME v3.2 IDs key size text

2008-03-25 11:51:31

Paul,

These sound reasonable. To resolve the 2nd comment I'm deleting the
sentence, which Tony also commented on.

spt

-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Paul Hoffman
Sent: Wednesday, March 19, 2008 4:43 PM
To: Turner, Sean P.; ietf-smime(_at_)imc(_dot_)org
Subject: Re: S/MIME v3.2 IDs key size text


At 3:07 PM -0400 3/19/08, Turner, Sean P. wrote:
In 3850bis, the update is to section 4.3 (this is the only sentence 
that refers to key sizes):

(old) Key sizes from 512 bits to 2048 bits MUST be supported.

(new) Key sizes from 1024 bits to 2048 bits MUST be supported.

This is about verification, not about signing. Why should we 
increase it from 512 bits? I support leaving it as in RFC 3850 
at 512 bits.


In 3851bis, the update is to section 4.1:

(old) If an S/MIME agent needs to generate an RSA key pair, then the
S/MIME agent or some related administrative utility or function SHOULD
generate RSA key pairs using the following guidelines.  A user agent
SHOULD generate RSA key pairs at a minimum key size of 768 bits.  A
user agent MUST NOT generate RSA key pairs less than 512 bits long.
Creating keys longer than 1024 bits can cause some older S/MIME
receiving agents to not be able to verify signatures, but gives better
security and is therefore valuable.  A receiving agent SHOULD be able
to verify signatures with keys of any size over 512 bits. Some agents
created in the United States have chosen to create 512 bit keys in
order to get more advantageous export licenses. However, 512 bit keys
are considered by many to be cryptographically insecure. Implementers
SHOULD be aware that multiple (active) key pairs can be associated
with a single individual.  For example, one key pair can be used to
support confidentiality, while a different key pair can be used for
authentication.

(new) If an S/MIME agent needs to generate an RSA key pair, then the
S/MIME agent or some related administrative utility or function SHOULD
generate RSA key pairs using the following guidelines.  A user agent
SHOULD generate RSA key pairs at a minimum key size of 1024 bits.  A
user agent MUST NOT generate RSA key pairs less than 1024 bits long.
Creating keys longer than 1024 bits can cause some older S/MIME
receiving agents to not be able to verify signatures, but gives better
security and is therefore valuable.  A receiving agent SHOULD be able
to verify signatures with keys of any size over 512 bits.

I fully disagree with "MUST NOT generate RSA key pairs less 
than 1024 bits long". A signature that is of little value that 
is only supposed to last a week is fine at 512 bits.