Re: S/MIME v3.2 IDs key size text
>Steve:
>>A separate issue is whether such a signature is verified before or
>>after the certificate itself is verified and whether one can
>>persuade a CA to issue a certificate containing such a key.
>Indeed, this is the best solution. Perhaps we should drop the max
>size limit and discuss this point in the security considerations.
I was amazed by the following proposal:
"A receiving agent SHOULD be able to verify signatures with keys up to 16384 bits".
If we drop it, then there is no guidance anymore.
Reasonably, for any implementation, today:
"A receiving agent SHOULD be able to verify signatures with keys up to 2048 bits".
This does not prevent any implementation from supporting larger key sizes.
Denis
>Russ