>1) Do we have a normative reference within the RFC framework for key
>lengths for different crypto systems, and can we simply invoke that
>reference rather than including a hard figure in this spec?

There's RFC 3766, but it's over a decade old and has rules for how to figure out how long a key you need, not the actual sizes.

This NIST publication seems relevant:

http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf

The tables on pages 52 and 53 suggest that we use 2K keys and sha256 hashes.

>2) Does such a reference still consider 1k keys as acceptable at this
>time? Is there a schedule for periodic review?

No. See the document.

R's,
John

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc