[Ach] Proposing RSA keylengths

Pepi Zawodsky pepi.zawodsky at maclemon.at
Tue Nov 5 17:31:04 CET 2013


I consider Moore's law to be in favour of our recommendations. Some performance problems fix themselves over time.
So if you're running on 2048-bit RSA you're likely OK; we recommend opting for 4096-bit RSA on new deployments if possible.

I second the use of RFC-like wording (and propose to also include the introductory pamphlet on how to properly read these).
Pepi

On 05.11.2013, at 17:13, Aaron Zauner <azet at azet.org> wrote:

> That's what I generally deploy. The problem still being, 4096-bit keys cause some overhead, and for large hosting companies or frequently used websites this might very well not be acceptable. The current (FOSS & crypto) community recommendation regarding RSA key sizes is 2048-bit.
> 
> We could define this using RFC keywords
> 
> MUST NOT:	<2048bit RSA
> SHOULD:	>2048bit RSA
