[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: S/MIME v3.2 IDs key size text

To: <ietf-smime@xxxxxxx>
Subject: RE: S/MIME v3.2 IDs key size text
From: "Turner, Sean P." <turners@xxxxxxxx>
Date: Fri, 2 May 2008 13:39:03 -0400
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-id: <ietf-smime.imc.org>
List-unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Organization: IECA, Inc.
References: <> <200803192107.m2JL7PYY060318@xxxxxxxxxxxxxxxxxxxxx> <> <>
Sender: owner-ietf-smime@xxxxxxxxxxxx
Thread-index: AciOo6ubmDvRbsL0T2OcCb8+6E2KgQd1rSog

Paul has suggest a rewording of his text for 4.1 as follows:

A receiving agent needs to be able to verify signatures whose key length is
chosen by the signer. For interoperability, a receiving agent MUST be able
to verify signatures whose key length is 1024 bits or shorter. Being able to
verify signatures is mandatory because earlier versions of this
specification required the ability to generate signatures with shorter key
lengths. Note that most receiving agents are likely to see signatures whose
key length is longer than 1024 bits during the next decade, and those
receiving agents will want to be able to verify those signatures.

He's also suggested the following security consideration:

Receiving agents are only required to validate signatures that are the same
length as sending agents are required to produce, namely 1024 bits. Many
people feel that signatures of 1024 bits do not meet their security
requirements today, or even if they meet their requirements today, they will
not meet their requirements in the foreseeable future. Therefore, sending
and receiving agents need to decide what strength of signature they want to
produce and validate, respectively. Further, those decisions need to be
reviewed periodically in light of decreasing cryptographic strength over
time of signatures.

spt

>-----Original Message-----
>From: Paul Hoffman [mailto:phoffman@xxxxxxx] 
>Sent: Tuesday, March 25, 2008 2:12 PM
>To: Turner, Sean P.; 'Russ Housley'; ietf-smime@xxxxxxx
>Subject: RE: S/MIME v3.2 IDs key size text
>
>At 10:16 AM -0400 3/25/08, Turner, Sean P. wrote:
>>This sounds reasonable. I replace the following sentence in 3851bis:
>>
>>A receiving agent SHOULD be able to verify signatures with 
>keys of any 
>>size over 512 bits.
>>
>>with
>>
>>A receiving agent SHOULD be able to verify signatures with keys up to 
>>16384 bits.
>
>I disagree with the upper limit. Verifying signatures with 16K 
>bit keys is very difficult for constrained  devices; this 
>"SHOULD" may have the effect of making device makers need to 
>use faster CPUs than they would normally want to have.
>
>It is unclear which part of the SHOULD is not a MUST here. 
>Because we are talking only about interoperability, then the 
>number is 1024, which is what the key creators SHOULD be 
>making. But that is clearly a lower bound of what a typical 
>receiver might expect. Therefore, a short sentence like the 
>one proposed is insufficient. How about:
>
>A receiving agent needs to be able to verify signatures whose 
>key length is chosen by the signer. At a minimum, a receiving 
>agent MUST be able to verify signatures whose key length is 
>1024 bits or shorter. However, most receiving agents are 
>likely to see signatures whose key length is longer than that 
>during the next decade.

Follow-Ups:
- RE: S/MIME v3.2 IDs key size text
  - From: Tony Capel
- RE: S/MIME v3.2 IDs key size text
  - From: Peter Gutmann

References:
- S/MIME v3.2 IDs key size text
  - From: Turner, Sean P.
- Re: S/MIME v3.2 IDs key size text
  - From: Russ Housley
- RE: S/MIME v3.2 IDs key size text
  - From: Turner, Sean P.
- RE: S/MIME v3.2 IDs key size text
  - From: Paul Hoffman

Prev by Date: I-D ACTION:draft-ietf-smime-sha2-05.txt
Next by Date: I-D ACTION:draft-ietf-smime-rfc3278-update-03.txt
Previous by thread: Re: S/MIME v3.2 IDs key size text
Next by thread: RE: S/MIME v3.2 IDs key size text
Index(es):
- Date
- Thread