RE: Last ditch proposal for crypto suites

["Hallam-Baker, Phillip" <pbaker@verisign.com>]

I agree that SHOULD is the right way to go on generation, only I would
suggest that at this stage 1024 bits would be an appropriate level for at
least.

However on the support side I think that implementations that use 128 bit
ciphers need to be supporting RSA keys of at least 2048 bits and would say
they SHOULD go up to 4096.



> 
> Phill:
> 
> I think the SHOULD is the way to handle the key size issue.
> Here is how the S/MIME WG addressed this issue in RFC 2633.
> 
>     A user agent SHOULD generate RSA key pairs at a minimum 
> key size of
>     768 bits. A user agent MUST NOT generate RSA key pairs 
> less than 512
>     bits long. Creating keys longer than 1024 bits may cause 
> some older
>     S/MIME receiving agents to not be able to verify signatures, but
>     gives better security and is therefore valuable. A receiving agent
>     SHOULD be able to verify signatures with keys of any size over 512
>     bits. Some agents created in the United States have 
> chosen to create
>     512 bit keys in order to get more advantageous export licenses.
>     However, 512 bit keys are considered by many to be 
> cryptographically
>     insecure.  Implementors should be aware that multiple (active) key
>     pairs may be associated with a single individual. For example, one
>     key pair may be used to support confidentiality, while a different
>     key pair may be used for authentication.
>