ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: S/MIME v3.2 IDs key size text (resend, this time not opaque signed with 2k key)

2008-05-03 12:40:00
from [Paul Hoffman] [Permanent Link] 

At 2:49 PM -0400 5/3/08, Tony Capel wrote:

1A) Both signing and verifying.

Verisign has been issuing both 1k and 2k single keypair certs for some
time, 2k is becoming common in many product specifications and recommended
by many reputable authorities.
How is this relevant to the discussion thread? There are lots of communities that use (and even require) higher security than what is in the current spec. For example, the US Department of Defense is now mandating the use of elliptic curve cryptography for digital signatures. Using them as the base, instead of VeriSign, we would have a mandatory-to-implement requirement for ECC. I do not imagine you would support that, so I don't see why picking one product (the 2K certs) from one vendor should affect our decision for the mandatory-to-implement requirements as long as we make it clear that it is likely that any application will probably want to do more than that. 


So if we wish to guarantee a minimum level of "out-of-the-box"
interoperability from a box which has a simplistic specification
"compliant to smime v3.2"; then we should include a mandate for 2k and
lower support for all operations to meet today's requirement.
This completely confuses mandatory-to-implement and optional. VeriSign uses one of the options available to them, namely longer key sizes. They also use the mandatory-to-implement size, and they still distribute their own certificates using much-lower-than-mandatory sizes. None of that is relevant to anyone other than VeriSign and their customers.
Our task is to create a standard that is usable by as many people as possible while at the same time as setting some minimum operational security expectations. For interoperability, we need to say "you can verify signatures created following this spec". For minimum operational security, we have to pick a size that is reasonable for the vast majority of users while encouraging software developers to support all reasonable sizes.
Please read RFC 3766. If you believe that the numbers in there are wrong, by all means let the IETF community know. If you believe that the numbers there are right but you still think that a typical user needs more than 75 bits of symmetric strength for their signatures, even though no one has ever done that much effort for even a single attack in public, please say why.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: S/MIME v3.2 IDs key size text (resend, this time not opaque signed with 2k key), Tony Capel
Next by Date:  RE: New ASN.1 modules comments/questions, Jim Schaad
Previous by Thread:  RE: S/MIME v3.2 IDs key size text (resend, this time not opaque signed with 2k key), Tony Capel
Next by Thread:  RE: S/MIME v3.2 IDs key size text (resend, this time not opaque signed with 2k key), Luther Martin
Indexes:  [Date] [Thread] [Top] [All Lists]