[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: S/MIME v3.2 IDs key size text
Russ,
This sounds reasonable. I replace the following sentence in 3851bis:
A receiving agent SHOULD be able to verify signatures with keys of any size
over 512 bits.
with
A receiving agent SHOULD be able to verify signatures with keys up to 16384
bits.
spt
>-----Original Message-----
>From: owner-ietf-smime@xxxxxxxxxxxx
>[mailto:owner-ietf-smime@xxxxxxxxxxxx] On Behalf Of Russ Housley
>Sent: Wednesday, March 19, 2008 4:48 PM
>To: Turner, Sean P.; ietf-smime@xxxxxxx
>Subject: Re: S/MIME v3.2 IDs key size text
>
>
>Sean:
>
>>A receiving agent SHOULD be able to verify signatures with
>keys of any
>>size over 512 bits.
>
>This is asking for denial of service attack. What if someone
>sends a certificate that contains a 64Kbit value claiming to
>be a public key and a blob of random bits claiming to be a
>signature? The amount of time to check the signature (and
>probably find that it is not valid) is onerous.
>
>Today, I cannot imagine someone making use of a public key
>larger than 8192 bits. Double that it you want to be very
>future proof.
>
>Russ
>