RE: S/MIME v3.2 IDs key size text
Tony,
This sounds reasonable, I'll remove the sentence.
spt
>-----Original Message-----
>From: Tony Capel [mailto:capel@xxxxxxxxxxx]
>Sent: Wednesday, March 19, 2008 4:12 PM
>To: 'Turner, Sean P.'; ietf-smime@xxxxxxx
>Subject: RE: S/MIME v3.2 IDs key size text
>
>My only concern is making key size generation requirements a
>MANDATORY part of this standard. I understand it may have
>been appropriate in the past.
>
>I agree with making non-mandatory RECOMMENDATIONS regarding
>key size generation.
>Also agree with making support for minimum key size ranges
>mandatory. And have no problems with the sizes proposed.
>
>However MANDATING (MUST/MUST-NOT) the generation and use of
>specific minimum sizes (or algorithms for that matter) seems
>to me to be better addressed by Cert Policies, etc. - and
>indeed in many cases key generation and use ends up being
>imposed by the PKI design - and defined in the corresponding
>CP - anyway.
>
>I agree the RFC should set out as mandatory the minimum
>specifications required to ensure a high likelihood of
>interoperability. However, if users choose to use small keys
>(and are allowed to under their CP) then does this make the
>implementation non-compliant to S/MIME v3.2? For example, if
>S/MIME is used to implement a compartmentalized security
>policy and used over a secure infrastructure, do we presume to
>say a 768 bit key is insufficient for this particular application?
>
>The only change I would suggest is to remove the sentence:
>" A user agent MUST NOT generate RSA key pairs less than 1024
>bits long"
>
>The previous sentence to this already captures the
>RECOMMENDATION against keys of less than 1024 anyway.
>
>I think in earlier versions of the RFC it was appropriate to
>mandate minimum key sizes, but nowadays, we should leave this
>decision to the designers who are working against the threat
>and risk assessment (and sure, include recommendations aimed
>at less sophisticated users).
>
>Tony
>
>
>| -----Original Message-----
>| From: owner-ietf-smime@xxxxxxxxxxxx
>| [mailto:owner-ietf-smime@xxxxxxxxxxxx] On Behalf Of Turner, Sean P.
>| Sent: March 19, 2008 3:08 PM
>| To: ietf-smime@xxxxxxx
>| Subject: S/MIME v3.2 IDs key size text
>|
>|
>|
>| The key size text is the remaining issue with the S/MIME v3.2 IDs.
>| What I'm hoping to do is consensus on the text so we can issue a WG LC
>| on these two IDs. To make sure there's no confusion I've included the
>| old and new text from the two IDs. If you have comments on the new
>| text please be specific about the change you are proposing.
>|
>| spt
>|
>| --------------
>|
>| In 3850bis, the update is to section 4.3 (this is the only sentence
>| that refers to key sizes):
>|
>| (old) Key sizes from 512 bits to 2048 bits MUST be supported.
>|
>| (new) Key sizes from 1024 bits to 2048 bits MUST be supported.
>|
>| In 3851bis, the update is to section 4.1:
>|
>| (old) If an S/MIME agent needs to generate an RSA key pair, then the
>| S/MIME agent or some related administrative utility or function SHOULD
>| generate RSA key pairs using the following guidelines. A user agent
>| SHOULD generate RSA key pairs at a minimum key size of 768 bits. A
>| user agent MUST NOT generate RSA key pairs less than 512 bits long.
>| Creating keys longer than 1024 bits can cause some older S/MIME
>| receiving agents to not be able to verify signatures, but gives better
>| security and is therefore valuable. A receiving agent SHOULD be able
>| to verify signatures with keys of any size over 512 bits. Some agents
>| created in the United States have chosen to create 512 bit keys in
>| order to get more advantageous export licenses. However, 512 bit keys
>| are considered by many to be cryptographically insecure. Implementers
>| SHOULD be aware that multiple (active) key pairs can be associated
>| with a single individual. For example, one key pair can be used to
>| support confidentiality, while a different key pair can be used for
>| authentication.
>|
>| (new) If an S/MIME agent needs to generate an RSA key pair, then the
>| S/MIME agent or some related administrative utility or function SHOULD
>| generate RSA key pairs using the following guidelines. A user agent
>| SHOULD generate RSA key pairs at a minimum key size of 1024 bits. A
>| user agent MUST NOT generate RSA key pairs less than 1024 bits long.
>| Creating keys longer than 1024 bits can cause some older S/MIME
>| receiving agents to not be able to verify signatures, but gives better
>| security and is therefore valuable. A receiving agent SHOULD be able
>| to verify signatures with keys of any size over 512 bits.
>|
>| - the last four sentences from old text were moved to the security
>| considerations.
>|
>