Hi Sean,

That last paragraph was inserted in response to this posting from David Cooper

   http://www.ietf.org/mail-archive/web/sidr/current/msg01067.html

At the time David's proposed text attracted no further comment, and I folded it 
into the subsequent rev of the draft.

I understand that you are proposing that we now drop this text from the next 
rev of the draft.

I'm happy to do so, unless of course others pipe up to your proposal with a 
contrary opinion.


  Geoff


On 13/10/2010, at 5:06 AM, Sean Turner wrote:

> I think this version looks great with one exception.  I believe the last 
> paragraph in Section 5 (repeated below for convenience) should be deleted:
> 
> In anticipation of a potential need to transition to stronger
> cryptographic algorithms in the future, CAs and RPs SHOULD be able to
> generate and verify RSASSA-PKCS1-v1_5 signatures using the SHA-512
> hash algorithm and RSA key sizes of 3072 and 4096 bits.
> 
> I think we should require that implementations support algorithm agility, but 
> I'd like to not presuppose the algorithms and key sizes for something that's 
> going to happen 5-8 years down the road.  Who knows, maybe SHA3 will be so 
> whiz bang that we'll want to move to it.  If we added the following as a 
> security consideration I believe the intent would be satisfied:
> 
>  Implementations MUST support algorithm agility.
> 
> spt
> 
> [email protected] wrote:
>> A New Internet-Draft is available from the on-line Internet-Drafts 
>> directories.
>> This draft is a work item of the Secure Inter-Domain Routing Working Group 
>> of the IETF.
>>      Title           : A Profile for Algorithms and Key Sizes for use in the 
>> Resource Public Key Infrastructure
>>      Author(s)       : G. Huston
>>      Filename        : draft-ietf-sidr-rpki-algs-03.txt
>>      Pages           : 6
>>      Date            : 2010-10-08
>> This document specifies the algorithms, algorithms' parameters,
>> asymmetric key formats, asymmetric key size and signature format for
>> the Resource Public Key Infrastructure subscribers that generate
>> digital signatures on certificates, Certificate Revocation Lists, and
>> signed objects as well as for the Relying Parties (RPs) that verify
>> these digital signatures.
>> A URL for this Internet-Draft is:
>> http://www.ietf.org/internet-drafts/draft-ietf-sidr-rpki-algs-03.txt
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>> Below is the data which will enable a MIME compliant mail reader
>> implementation to automatically retrieve the ASCII version of the
>> Internet-Draft.
>> ------------------------------------------------------------------------
>> _______________________________________________
>> sidr mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/sidr

--

Geoff Huston
Chief Scientist, APNIC

+61 7 3858 3100
[email protected]

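The transition the quoted paragraph anticipates, and the agility requirement Sean proposes in its place, as an added example that is not from the draft or from anyone on the thread: a relying-party stub in Go that dispatches RSASSA-PKCS1-v1_5 verification on the signature algorithm an object declares, against an explicit local profile table. An RP built this way takes a new algorithm as one new table row, and an object declaring an algorithm the RP does not carry fails closed as unsupported rather than being tried with a default hash. The table contents (SHA-256 with a 2048-bit floor today, SHA-512 with a 3072-bit floor for the transition), the ROA-like payload and all names are assumptions made for this example; real RPKI objects are CMS and X.509 structures, which the raw byte string here merely stands in for.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha256" // registers SHA-256 with crypto.Hash
	_ "crypto/sha512" // registers SHA-512 with crypto.Hash
	"crypto/x509"
	"errors"
	"fmt"
)

// algProfile is one row of an RP's profile: the hash paired with
// RSASSA-PKCS1-v1_5 and the smallest RSA modulus accepted for that row.
type algProfile struct {
	Hash       crypto.Hash
	MinRSABits int
}

// Registry maps the algorithm an object declares (the value that would sit in
// an X.509 signatureAlgorithm field) to its profile row.
type Registry map[x509.SignatureAlgorithm]algProfile

var (
	ErrUnsupportedAlg = errors.New("signature algorithm not in local profile")
	ErrKeyTooSmall    = errors.New("RSA modulus below profile minimum")
)

// CurrentProfile holds the draft's single algorithm: SHA-256 with 2048-bit RSA.
func CurrentProfile() Registry {
	return Registry{x509.SHA256WithRSA: {Hash: crypto.SHA256, MinRSABits: 2048}}
}

// TransitionProfile adds the SHA-512 row from the paragraph under discussion.
// The 3072-bit floor for that row is an assumption made for this example.
func TransitionProfile() Registry {
	r := CurrentProfile()
	r[x509.SHA512WithRSA] = algProfile{Hash: crypto.SHA512, MinRSABits: 3072}
	return r
}

// lookup resolves a declared algorithm against the table and enforces the
// key-size floor for that row; unknown algorithms fail closed.
func (r Registry) lookup(alg x509.SignatureAlgorithm, bits int) (algProfile, error) {
	p, ok := r[alg]
	if !ok {
		return p, ErrUnsupportedAlg
	}
	if bits < p.MinRSABits {
		return p, ErrKeyTooSmall
	}
	return p, nil
}

func digest(h crypto.Hash, msg []byte) []byte {
	d := h.New()
	d.Write(msg)
	return d.Sum(nil)
}

// Sign produces an RSASSA-PKCS1-v1_5 signature under the declared algorithm.
func (r Registry) Sign(key *rsa.PrivateKey, alg x509.SignatureAlgorithm, msg []byte) ([]byte, error) {
	p, err := r.lookup(alg, key.N.BitLen())
	if err != nil {
		return nil, err
	}
	return rsa.SignPKCS1v15(rand.Reader, key, p.Hash, digest(p.Hash, msg))
}

// Verify checks sig over msg under the algorithm the object declares.
func (r Registry) Verify(pub *rsa.PublicKey, alg x509.SignatureAlgorithm, msg, sig []byte) error {
	p, err := r.lookup(alg, pub.N.BitLen())
	if err != nil {
		return err
	}
	return rsa.VerifyPKCS1v15(pub, p.Hash, digest(p.Hash, msg), sig)
}

// Outcome records each decision of the worked scenarios in RunScenarios.
type Outcome struct {
	Sha256OK            bool // current profile: SHA-256 / 2048-bit round trip verifies
	Sha512RejectedByOld bool // RP on the current profile rejects a SHA-512 object as unsupported
	Sha512OKNew         bool // RP on the transition profile verifies SHA-512 / 3072-bit
	SmallKeyRejected    bool // transition profile refuses SHA-512 with a 2048-bit key
	MislabelledFails    bool // a SHA-512 signature declared as SHA-256 does not verify
}

// RunScenarios plays a CA through the transition against an old and a new RP.
// The payload is a constructed stand-in for a CMS-encoded RPKI signed object.
func RunScenarios() (Outcome, error) {
	var o Outcome
	payload := []byte("constructed ROA-like payload: AS64496 192.0.2.0/24 maxLength 24")
	old, next := CurrentProfile(), TransitionProfile()
	k2048, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return o, err
	}
	k3072, err := rsa.GenerateKey(rand.Reader, 3072)
	if err != nil {
		return o, err
	}
	sig256, err := old.Sign(k2048, x509.SHA256WithRSA, payload)
	if err != nil {
		return o, err
	}
	o.Sha256OK = old.Verify(&k2048.PublicKey, x509.SHA256WithRSA, payload, sig256) == nil
	sig512, err := next.Sign(k3072, x509.SHA512WithRSA, payload)
	if err != nil {
		return o, err
	}
	o.Sha512RejectedByOld = errors.Is(old.Verify(&k3072.PublicKey, x509.SHA512WithRSA, payload, sig512), ErrUnsupportedAlg)
	o.Sha512OKNew = next.Verify(&k3072.PublicKey, x509.SHA512WithRSA, payload, sig512) == nil
	_, err = next.Sign(k2048, x509.SHA512WithRSA, payload)
	o.SmallKeyRejected = errors.Is(err, ErrKeyTooSmall)
	o.MislabelledFails = next.Verify(&k3072.PublicKey, x509.SHA256WithRSA, payload, sig512) != nil
	return o, nil
}

func main() {
	o, err := RunScenarios()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", o)
}
```

The design point is that the algorithm identifier carried in the object, not a compiled-in default, selects the hash, and that an RP distinguishes "I do not support this algorithm" from "this signature is bad", which is what lets an old RP and a new RP coexist during a transition.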
