Hanno Böck <ha...@hboeck.de> writes:

>I think this is generally a good idea, however I'd propose that you don't
>generate any new keys, but just re-use keys from existing RFCs.
>
>RFCs 4474 4870 4871 6216 7468 8225 8410 8463 8479 8696 8946 8995 9092 contain
>private keys.
I had a look and... that's a real cargo-cult exercise, those keys are in all
sorts of formats, many have inappropriate sizes like 768 bits, and some only
have public but no private keys (or at least I couldn't find any in one or
more of the above when I looked).

The advantage of generating new ones is that I can just script the creation
of the right key types in the right sizes without having to extract things
from all over the place, so I can just dump the output of the generation code
into an RFC draft without a lot of hand-editing.

Since no-one's said it's a bad idea, I'll get to work on a draft. I was
thinking:

RSA: 1024, 2048, 4096
DLP (DSA, DH, etc): 1024, 2048, 4096
ECC: P256, P384, P521

That should cover 99.99% of the usual suspects without bringing in a mass of
oddball sizes and algorithms.

Peter.

--
You received this message because you are subscribed to the Google Groups
"dev-security-policy@mozilla.org" group. To unsubscribe from this group and
stop receiving emails from it, send an email to
dev-security-policy+unsubscr...@mozilla.org. To view this discussion on the
web visit
https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/SY4PR01MB6251DEE808D783E122EE4AF1EE709%40SY4PR01MB6251.ausprd01.prod.outlook.com.
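The key list Peter proposes, scripted with the OpenSSL CLI so the PEM output can be dumped straight into a draft. This is an added example, not code from the thread or from Peter's draft; it assumes a working `openssl` binary, and the SPKI SHA-256 fingerprint printed above each key is my own addition for indexing the generated keys.

```shell
#!/bin/sh
# gen_key FAMILY SIZE: print one PKCS#8 PEM private key to stdout.
# FAMILY is rsa, dsa, dh or ec; SIZE is a bit length for rsa/dsa/dh and an
# OpenSSL curve name (P-256, P-384, P-521) for ec.
gen_key() {
    family=$1; size=$2
    case $family in
        rsa) openssl genpkey -algorithm RSA \
                 -pkeyopt "rsa_keygen_bits:$size" 2>/dev/null ;;
        dsa|dh)
             # DSA and DH need domain parameters first; generating them for
             # 4096-bit primes takes minutes, which is inherent to the algorithm.
             params=$(mktemp)
             if [ "$family" = dsa ]; then
                 openssl genpkey -genparam -algorithm DSA \
                     -pkeyopt "dsa_paramgen_bits:$size" -out "$params" 2>/dev/null
             else
                 openssl genpkey -genparam -algorithm DH \
                     -pkeyopt "dh_paramgen_prime_len:$size" -out "$params" 2>/dev/null
             fi
             openssl genpkey -paramfile "$params" 2>/dev/null
             rm -f "$params" ;;
        ec)  openssl genpkey -algorithm EC -pkeyopt "ec_paramgen_curve:$size" \
                 -pkeyopt ec_param_enc:named_curve 2>/dev/null ;;
        *)   echo "unknown key family: $family" >&2; return 1 ;;
    esac
}

# spki_fingerprint: read a PEM private key on stdin, print the hex SHA-256 of
# the DER SubjectPublicKeyInfo (assumed here as a convenient index per key).
spki_fingerprint() {
    openssl pkey -pubout -outform DER | openssl dgst -sha256 | sed 's/^.*= *//'
}

# gen_all: emit every type/size from the thread, each preceded by a label line.
gen_all() {
    for bits in 1024 2048 4096; do
        for family in rsa dsa dh; do
            key=$(gen_key "$family" "$bits")
            printf '# %s %s spki-sha256: %s\n' "$family" "$bits" \
                "$(printf '%s\n' "$key" | spki_fingerprint)"
            printf '%s\n' "$key"
        done
    done
    for curve in P-256 P-384 P-521; do
        key=$(gen_key ec "$curve")
        printf '# ec %s spki-sha256: %s\n' "$curve" \
            "$(printf '%s\n' "$key" | spki_fingerprint)"
        printf '%s\n' "$key"
    done
}
```

Run `gen_all > testkeys.txt` to produce the whole set; only the rsa and ec cases are quick, the DSA/DH parameter generation at 4096 bits dominates the runtime.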