Joe,

4096-bit RSA is computationally intensive, which is why I didn't
suggest that we set minimum key sizes. There is a tendency for some
folks to pick bigger keys w/o regard to the need for such. We see
this often in the IPsec environment, where when AES was adopted, many
folks were convinced that 256-bit AES keys were appropriate, when
128-bit keys would be just fine.

In the case of a PKI, one should take into account the impact on the
relying parties who will have to check signatures generated with very
large keys, as well as the local impact on an individual CA that uses
a very large key for signing.

As Robert noted, in the long run we can transition to EC DSA when we
feel the need for bigger (equivalent) key sizes. That's what folks
are doing in general, as an alternative to very big RSA keys.

Steve
_______________________________________________
Sidr mailing list
https://www1.ietf.org/mailman/listinfo/sidr