[Top] [All Lists]

Re: 3850bis and 3851bis: proposed changes to cryptographic key sizes

2009-01-07 07:34:21


I agree with Paul with regard to the process (new I-D preferable).

The AD proposed changes at first glance are intended to make the
requirements *stronger* (as far as possible without relying on
an official version of FIPS PUB 186-3) without sacrificing
backwards compatibility.

Therefore, I agree with the amended Security Considerations text,
for both 3850bis and 3581 bis, and the changes proposed for
receiving agent (signature verifier) behavior -- although these
now allow small key sizes (< 512) which were not allowed by
RFC 3850, and hence this change comes a bit to surprise.

However, I really do not understand why, at the 'low end', signature
*generating* agents shall now be allowed (via 'MAY') to generate
signatures with the even worse key sizes < 512, for both RSA and DSA.
Since already S/MIME v3.1 agents had no requirement for being able
to verify such signatures, why now adding the capability to produce
such signatures ?

Finally, nits for 3851bis, in (1) / Section 4.2 :

- I suggest    s!generated!generating!

- Also, for alignment with (2) / Section 4.3,
  it might be preferable to use plural:

  s!an S/MIME agent!S/MIME agents!

Kind regards,


| TR-Sys Alfred Hoenes   |  Alfred Hoenes   Dipl.-Math., Dipl.-Phys.  |
| Gerlinger Strasse 12   |  Phone: (+49)7156/9635-0, Fax: -18         |
| D-71254  Ditzingen     |  E-Mail:  ah(_at_)TR-Sys(_dot_)de