This is a static archive of the previous Open Grid Forum Redmine content management system saved from host redmine.ogf.org file /boards/14/topics/483 at Thu, 03 Nov 2022 01:52:05 GMT CA key SHOULD be at least 4096 bits - Public Comments - Open Grid Forum

CA key SHOULD be at least 4096 bits

Added by Jim Basney about 7 years ago

http://wiki.eugridpma.org/Main/PKITechnologyGuidelines says "The length of the CA key for RSA based cryptography must be at least 2048 bits and should be at least 4096 bits" but the largest key size in draft-ogf-caops-grid-certificate-profile-125bis-v08 Section 4.4 is 3072 bits. I think draft-ogf-caops-grid-certificate-profile-125bis should be updated prior to publication to recommend 4096 bit RSA keys matching the current IGTF recommendation.


Replies (1)

RE: CA key SHOULD be at least 4096 bits - Added by David Groep over 6 years ago

Summarizing the Bratislava CAOPS consensus:
The length is only stated in the 125bis draft in the context of recapping the NIST SP800-57 comparison on key strength. The comment is of course good practice in itself, but what RSA key size is actually to be used should be considered an IGTF policy decision and is thus out of scope of this Profile.

(1-1/1)

This is a static archive of the previous Open Grid Forum Redmine content management system saved from host redmine.ogf.org file /boards/14/topics/483 at Thu, 03 Nov 2022 01:52:05 GMT