Forums » #65 - Grid Certificate Profile »
CA key SHOULD be at least 4096 bits
Added by Jim Basney about 7 years ago
http://wiki.eugridpma.org/Main/PKITechnologyGuidelines says "The length of the CA key for RSA based cryptography must be at least 2048 bits and should be at least 4096 bits" but the largest key size in draft-ogf-caops-grid-certificate-profile-125bis-v08 Section 4.4 is 3072 bits. I think draft-ogf-caops-grid-certificate-profile-125bis should be updated prior to publication to recommend 4096 bit RSA keys matching the current IGTF recommendation.
Replies (1)
RE: CA key SHOULD be at least 4096 bits - Added by David Groep over 6 years ago
Summarizing the Bratislava CAOPS consensus:
The length is only stated in the 125bis draft in the context of recapping the NIST SP800-57 comparison on key strength. The comment is of course good practice in itself, but what RSA key size is actually to be used should be considered an IGTF policy decision and is thus out of scope of this Profile.
(1-1/1)