At 3:32 AM +1200 5/13/08, Peter Gutmann wrote:
> Paul Hoffman <phoffman(_at_)imc(_dot_)org> writes:
>
>> We are not the security nannies of the Internet. As long as we give a
>> reasonable number of bits that all implementations should be able to sign and
>> verify in order to make reasonably-strong signatures, we should step back and
>> let organizations make their own rules.
>
> No, that's exactly what we shouldn't do, because then organisations will use
> the fact that the standard doesn't set a sane limit on the key size to justify
> using completely stupid key sizes (or as a generalisation completely insecure
> "security" practices) [0].

You'll need to justify this one, Peter. Show me some examples where
any previous version of S/MIME, none of which have "sane" lower
limits, was used by any organization to justify a stupid key size.

> I realise that it's not possible to explicitly
> outlaw every kind of stupid behaviour that users will engage in, but since
> there's a list of key sizes in the doc anyway it's a pretty trivial change to
> add a sensible lower bound to it.

It is a list of two elements: there is already a sensible lower
bound. Please suggest specific text that would meet your criteria.