On Friday, January 20, 2017 you wrote:
> On 01/20/2017 11:23, Scott Kitterman wrote:
> > I'm not on the ARC list, so I'll pile on this thread here...
>
> This is the right place for anything constructive regarding the
> specification, so no problem regarding any other lists.
>
> > I understand the minimum key size in the draft is 512 bits. I'm not
> > planning on releasing any software that supports key sizes less than
> > 1024, so I guarantee you interoperability problems for small keys.
>
> +1 -- no need for weak keys.
>
> 1) Do we have a normative reference within the RFC framework for key
> lengths for different crypto systems, and can we simply invoke that
> reference rather than including a hard figure in this spec?
>
> 2) Does such a reference still consider 1k keys as acceptable at this
> time? Is there a schedule for periodic review?
>
> --S.
>
> +++1 wrt Scott's comment about 512 bit keys. We inherit this requirement
> from the DKIM spec, but imho it is not reasonable. If this is worth
> discussing, perhaps we should move it to another thread?
>
> Regards,
> =Gene

OK, since I wasn't off topic after all, here's a new thread...

I believe we've looked for such a reference before and not found a good one.
The IETF BCP is from 2004:

https://tools.ietf.org/html/rfc3766

Operationally, 1024 is the minimum key size recommendation I generally see for
DKIM today. NIST recommends 2048 bits, SHA-256 only for US government use [1].

Scott K

[1] http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-177.pdf

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
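
An added example, not part of the original message: a stdlib-only Python check that reads the RSA modulus size from the `p=` tag of a DKIM key record and grades it against the 1024-bit operational floor and the 2048-bit NIST figure cited above. The function names and verdict labels are illustrative, and the sample records are constructed with a placeholder modulus of the right size rather than real keys.

```python
import base64

OPERATIONAL_MIN, NIST_MIN = 1024, 2048  # figures quoted in the message

def _tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def rsa_modulus_bits(der):
    """Modulus bit length from a SubjectPublicKeyInfo or a bare RSAPublicKey."""
    _, start, _ = _tlv(der, 0)              # outer SEQUENCE
    tag, v0, v1 = _tlv(der, start)
    if tag == 0x30:                         # SPKI: AlgorithmIdentifier, then BIT STRING
        _, b0, _ = _tlv(der, v1)
        _, k0, _ = _tlv(der, b0 + 1)        # skip unused-bits octet, enter RSAPublicKey
        tag, v0, v1 = _tlv(der, k0)
    if tag != 0x02:
        raise ValueError("modulus INTEGER not found")
    return int.from_bytes(der[v0:v1], "big").bit_length()

def audit_dkim_record(txt):
    """Return (bits, verdict) for the TXT value of a DKIM key record."""
    pairs = (t.partition("=") for t in txt.split(";"))
    tags = {k.strip(): "".join(v.split()) for k, _, v in pairs}
    if tags.get("k", "rsa") != "rsa" or not tags.get("p"):
        return None, "no-rsa-key"           # other key type, or empty p= (revoked)
    bits = rsa_modulus_bits(base64.b64decode(tags["p"]))
    return bits, ("below-1024" if bits < OPERATIONAL_MIN else
                  "below-2048" if bits < NIST_MIN else "meets-nist")

def _der(tag, body):
    """Minimal DER encoder, used only to build the constructed sample records."""
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_record(bits, spki=True):
    """Constructed record: the modulus has the right size but is not a real key."""
    mod = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    key = _der(0x30, _der(0x02, mod) + _der(0x02, b"\x01\x00\x01"))
    alg = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption, NULL
    der = _der(0x30, alg + _der(0x03, b"\x00" + key)) if spki else key
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(der).decode()
```

To audit a live selector, pass the concatenated TXT strings from `<selector>._domainkey.<domain>` to `audit_dkim_record`.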
