> get people to change their shorter keys. Or Mark's suggestion
> may be better. Do we have any data on deployed key sizes?

Unfortunately we don't and getting it is non-trivial as it involves deploying s/w. Maybe someone else does. I expect 512 to be rare, but 768 might be common.

I will note that it actually takes work to check the key size, so it's an artificial constraint that may or may not be implemented very well. (As an implementor I hold the belief that all artificial constraints eventually bit-rot to zero).

Further, that sort of constraint is algorithm dependent. So the true test is: if (rsa && keySize < limit). A new algorithm may well have completely different size limits or different safety dimensions to check.

Is there experience in similar fields to the success or otherwise of imposing minimum safety limits? S/MIME, PGP, SSL?

Mark.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
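
Added example, not part of the original message: Python code for the check discussed above, showing why reading the key size takes work (the RSA modulus has to be parsed out of the DER-encoded key in the `p=` tag) and why the rule is keyed by algorithm. The 1024-bit limit, the `POLICY` table and all function names are assumptions, and `sample_p` builds constructed inputs that are not usable keys.

```python
import base64

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption

def _tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected or missing DER tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + length], pos + length

def rsa_modulus_bits(p_value):
    """Modulus size of a base64 SubjectPublicKeyInfo, as carried in a DKIM p= tag."""
    spki, _ = _tlv(base64.b64decode(p_value), 0, 0x30)
    alg, pos = _tlv(spki, 0, 0x30)
    if _tlv(alg, 0, 0x06)[0] != RSA_OID:
        raise ValueError("not an RSA key")
    bits, _ = _tlv(spki, pos, 0x03)
    rsa_key, _ = _tlv(bits[1:], 0, 0x30)  # skip the unused-bits octet
    modulus, _ = _tlv(rsa_key, 0, 0x02)
    return int.from_bytes(modulus, "big").bit_length()

# Assumed policy table: each algorithm needs its own measure and its own limit.
POLICY = {"rsa": (rsa_modulus_bits, 1024)}

def key_acceptable(algorithm, p_value):
    rule = POLICY.get(algorithm)
    if rule is None:
        return False  # no size rule known for this algorithm, so refuse
    measure, limit = rule
    return measure(p_value) >= limit

def _der(tag, value):
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def sample_p(bits):
    """Constructed input: SPKI around a dummy modulus of the given size (not a real key)."""
    mod = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    key = _der(0x30, _der(0x02, mod) + _der(0x02, b"\x01\x00\x01"))
    alg = _der(0x30, _der(0x06, RSA_OID) + _der(0x05, b""))
    return base64.b64encode(_der(0x30, alg + _der(0x03, b"\x00" + key))).decode()
```

An algorithm missing from `POLICY` is refused rather than waved through, so adding a new algorithm forces a decision about what its safety dimension is.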