...
So, in fact, for general use it is a minimum that is recommended
(1024 bits), not an absolute, and where an absolute number is quoted
it's for RIRs and LIRs, and even then a SHOULD rather than a MUST.

We have lots of time to revise this text, but I'd suggest that we
establish target sizes for RIRs, LIRs, and ISPs, and that we try to
establish a max key size as well, for the reasons I cited. However,
we can put this into a CP, instead of the cert profile, if we want to
maintain flexibility.

Your comments above though (and Rob's comments earlier) make me
wonder about the hard requirement that the algorithm MUST be RSA,
though. Seems to me that a future transition to a different
algorithm would require a new document to be issued which updates
this one. Perhaps that's a feature.

Switching to a different algorithm will be a big deal. Changing the
documentation will be the easiest part of such a transition :-).
_______________________________________________
Sidr mailing list
https://www1.ietf.org/mailman/listinfo/sidr