Key Policy
- Keys shall be RSA, 2048 bits in length.
- Use new-style RFC 2440 keys, not "RSA legacy keys" (e.g. v.4 not v.3 format); the signing key is also 2048 bits.
- Set some expiration date that's relevant. In the event there's no better value for a long-term key, make it valid for 768 days from issuance. See the section below for incident keys.
- Do not send the key to a key server unless security staff has explicitly decided that is appropriate.
- Do publish the key within the corporate internal key server infrastructure.
Incident Key Policy
- All incident policies are governed first and foremost by the incident protocols.
- The default is to create a new incident key: lifetime 384 days, RSA, 2048 bits.
- If crypto hardware is to be used, then a 1024-bit key may be used.
- Incident keys must be signed by at least two people.
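
One way to check a key against the parameters above, added here as an example (not Canola & Jones code). It assumes GnuPG 2.x `--with-colons --list-sigs` output, treats the 768/384-day defaults as ceilings, and counts distinct third-party signing key IDs as "people"; the function name and sample listings are constructed.

```python
DAY = 86400
MAX_DAYS = {"long-term": 768, "incident": 384}  # policy defaults, used as ceilings (assumption)
RSA_ALGOS = {"1", "2", "3"}                     # OpenPGP public-key algorithm IDs for RSA

def check_key(listing, kind="long-term", hardware=False):
    """Return policy violations for one key's colon-format listing."""
    # 1024 bits is only permitted for incident keys held in crypto hardware.
    sizes = {"2048", "1024"} if kind == "incident" and hardware else {"2048"}
    problems, signers, primary = [], set(), None
    for line in listing.strip().splitlines():
        f = line.strip().split(":")
        rec = f[0]
        if rec == "pub":
            primary = f[4]
        if rec in ("pub", "sub"):  # fields: 3=bits 4=algo 5=keyid 6=created 7=expires
            if f[3] not in RSA_ALGOS:
                problems.append(f"{rec} {f[4]}: not RSA")
            if f[2] not in sizes:
                problems.append(f"{rec} {f[4]}: {f[2]} bits not permitted")
            if not f[6]:
                problems.append(f"{rec} {f[4]}: no expiration date")
            elif (int(f[6]) - int(f[5])) / DAY > MAX_DAYS[kind]:
                problems.append(f"{rec} {f[4]}: lifetime over {MAX_DAYS[kind]} days")
        elif rec == "fpr" and len(f[9]) != 40:  # v4 fingerprints are 40 hex digits, v3 are 32
            problems.append("fingerprint is not v4 format")
        elif rec == "sig" and f[4] != primary:  # skip self-signatures
            signers.add(f[4])
    if kind == "incident" and len(signers) < 2:
        problems.append(f"incident key has {len(signers)} third-party signer(s), needs 2")
    return problems

# Constructed sample listings (key IDs, names and fingerprints are made up).
GOOD = """
pub:u:2048:1:AAAAAAAAAAAAAAAA:1054252800:1087430400::u:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
sig:::1:AAAAAAAAAAAAAAAA:1054252800::::Incident Key:13x:
sig:::1:BBBBBBBBBBBBBBBB:1054339200::::Signer One:10x:
sig:::1:CCCCCCCCCCCCCCCC:1054339200::::Signer Two:10x:
"""
BAD = """
pub:u:1024:1:DDDDDDDDDDDDDDDD:1054252800:::u:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF:
sig:::1:DDDDDDDDDDDDDDDD:1054252800::::Incident Key:13x:
sig:::1:BBBBBBBBBBBBBBBB:1054339200::::Signer One:10x:
"""

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_key(text, kind="incident"))
```
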
This is policy revision 00
Revised 30 May 2003
© 2003 Canola & Jones