ietf-smime

Re: S/MIME v3.2 IDs key size text

2008-03-26 07:16:23


Steve:

A separate issue is whether such a signature is verified before or 
after the certificate itself is verified and whether one can 
persuade a CA to issue a certificate containing such a key.

Indeed, this is the best solution.  Perhaps we should drop the max 
size limit and discuss this point in the security considerations.

I was amazed by the following proposal:
"A receiving agent SHOULD be able to verify signatures with keys up to 16384 bits".

If we drop it, then there is no guidance anymore.

Reasonably, for any implementation, today:
"A receiving agent SHOULD be able to verify signatures with keys up to 2048 bits".

This does not prevent any implementation from supporting larger key sizes.

Denis

Russ 


