Make RSA 4096 combos - Githubissues

lamps-wg / draft-composite-sigs

IETF Internet-Draft about X.509 certificates with composite keys and signatures.

Other

1 stars 1 forks source link

Make RSA 4096 combos #24

Open ounsworth opened 1 month ago

ounsworth commented 1 month ago

We have been asked to add RSA-4096 combos for existing infrastructures where deployed software or policy requires 4096 bit keys.

Suggestion is that since RSA 4096 is not much above 128 bit security (certainly not as much as AES-192 or SHA-384), we should pair it with the same cipher suites as the RSA-3072 combo. Or maybe even replace the 3072 combo?

janklaussner commented 1 month ago

@ounsworth I would rather add combinations, and yes, the same as with RSA 3072.

RSA 4096 is expensive when I think of our smart card products
RSA 3072 is expected to be secure enough at least till 2030 by BSI
not even RSA 1024 is cracked till now (80 bits security) so I expect it to last 10 more years... without CRQC of course

ounsworth commented 1 month ago

Should we drop the key size from the OID at all?

Yes: Piotr, Scott No: Tim, Sophie, Mike

johngray-dev commented 1 month ago

Group decided to add two new RSA 4096 combinations... one for PKCS 1.5, and PSS...