[Top] [All Lists]

Re: S/MIME v3.2 IDs key size text

2008-03-25 17:51:17

Paul Hoffman wrote:

I disagree with the upper limit. Verifying signatures with 16K bit keys is very difficult for constrained devices; this "SHOULD" may have the effect of making device makers need to use faster CPUs than they would normally want to have.

I made a study of the use of public keys in a DoS attack a while ago.

It isn't merely a key size issue. A signature using a 16K key and a small public exponent (such as 65537) can be verified using far less
effort than one with a 16K public exponent.

A separate issue is whether such a signature is verified before or after the certificate itself is verified and whether one can persuade a CA to issue a certificate containing such a key.

Dr Stephen N. Henson.
Core developer of the   OpenSSL project:
Freelance consultant see:
Email: shenson(_at_)drh-consultancy(_dot_)co(_dot_)uk, PGP key: via homepage.