RE: Last ditch proposal for crypto suites
I agree that SHOULD is the right way to go on generation, only I would
suggest that at this stage 1024 bits would be an appropriate level for at
least.
However on the support side I think that implementations that use 128 bit
ciphers need to be supporting RSA keys of at least 2048 bits and would say
they SHOULD go up to 4096.
>
> Phill:
>
> I think the SHOULD is the way to handle the key size issue.
> Here is how the S/MIME WG addressed this issue in RFC 2633.
>
> A user agent SHOULD generate RSA key pairs at a minimum key size of
> 768 bits. A user agent MUST NOT generate RSA key pairs less than 512
> bits long. Creating keys longer than 1024 bits may cause some older
> S/MIME receiving agents to not be able to verify signatures, but
> gives better security and is therefore valuable. A receiving agent
> SHOULD be able to verify signatures with keys of any size over 512
> bits. Some agents created in the United States have chosen to create
> 512 bit keys in order to get more advantageous export licenses.
> However, 512 bit keys are considered by many to be cryptographically
> insecure. Implementors should be aware that multiple (active) key
> pairs may be associated with a single individual. For example, one
> key pair may be used to support confidentiality, while a different
> key pair may be used for authentication.
>