Proposal for resolution of ACTION-422, ISSUE-82

Folks,

Regarding ACTION-422 and ISSUE-82:



> ISSUE-82 -- Should 1.1 spec mandate support for range of RSA key sizes
> (and DSA)? -- OPEN

> ACTION-442 -- Brian LaMacchia to propose text for RSA for Issue-82
> (DSA already done) -- due 2009-11-14 -- OPEN

I would like to propose that we add the following text to the end of Section 6.2.6.2 (the RSA section) regarding RSA key sizes:


Security considerations regarding RSA key sizes



In Special Publication SP 800-57 Part 1 [SP800-57], NIST recommends using at least 2048-bit public keys for securing information beyond 2010 (and 3072-bit keys for securing information beyond 2030).  This XML Signature 1.1 revision REQUIRES all conforming implementations to support RSA signature generation and verification with public keys at least 2048 bits in length.  RSA public keys of 1024 bits or less SHOULD NOT be used for signatures that will be verified beyond 2010.  XML Security 1.1 implementations SHOULD use at least 2048-bit keys for all signatures, and SHOULD use at least 3072-bit keys for signatures that will be verified beyond 2030.


                                                                                --bal

Received on Monday, 14 December 2009 22:45:27 UTC
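
Added example, not part of the original message or of the XML Signature specification: one way a verifier could measure the modulus in a ds:RSAKeyValue and compare it with the thresholds in the proposed text. The function names, the `verify_until` parameter and the verdict strings are assumptions made for illustration, and the sample moduli are constructed values of the right size, not real RSA keys.

```python
import base64
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"  # XML Signature namespace

def modulus_bits(keyinfo_xml: str) -> int:
    """Bit length of the RSA modulus carried in a ds:RSAKeyValue."""
    # For untrusted documents, parse with a hardened parser instead.
    root = ET.fromstring(keyinfo_xml)
    node = next(root.iter(f"{{{DS}}}Modulus"), None)
    if node is None or not (node.text or "").strip():
        raise ValueError("no ds:Modulus found")
    # ds:CryptoBinary: base64 of a big-endian integer, whitespace allowed.
    raw = base64.b64decode("".join(node.text.split()), validate=True)
    # bit_length() ignores leading zero octets, so zero padding cannot
    # make a short modulus pass as a long one.
    return int.from_bytes(raw, "big").bit_length()

def check_key_size(bits: int, verify_until: int) -> str:
    """Map a modulus size and last verification year onto the proposed text."""
    if bits <= 1024 and verify_until > 2010:
        return "SHOULD NOT: 1024 bits or less, verified beyond 2010"
    if bits < 2048:
        return "below SHOULD: under 2048 bits"
    if bits < 3072 and verify_until > 2030:
        return "below SHOULD: under 3072 bits, verified beyond 2030"
    return "ok"

def sample_keyinfo(bits: int, pad: int = 0) -> str:
    """Constructed sample: correct size, but not a real RSA modulus."""
    n = (1 << (bits - 1)) | 1
    raw = b"\x00" * pad + n.to_bytes((bits + 7) // 8, "big")
    return (f'<KeyInfo xmlns="{DS}"><KeyValue><RSAKeyValue><Modulus>'
            f"{base64.b64encode(raw).decode()}</Modulus>"
            "<Exponent>AQAB</Exponent></RSAKeyValue></KeyValue></KeyInfo>")

if __name__ == "__main__":
    for bits, pad, year in [(1024, 128, 2015), (2048, 0, 2025),
                            (2048, 0, 2035), (3072, 0, 2035)]:
        size = modulus_bits(sample_keyinfo(bits, pad))
        print(size, year, check_key_size(size, year))
```

The first sample pads a 1024-bit modulus to 256 octets, which is why the size is taken from the integer value rather than from the length of the decoded octet string.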