Formal notice given of rearrangement of deck chairs on RMS PKItanic

Simon Josefsson simon at josefsson.org
Wed Oct 6 15:43:04 EDT 2010


Jack Lloyd <lloyd at randombit.net> writes:

> On Wed, Oct 06, 2010 at 04:52:46PM +1300, Peter Gutmann wrote:
>
>> Right, because the problem with commercial PKI is all those attackers who are
>> factoring 1024-bit moduli, and apart from that every other bit of it works
>> perfectly.
>
> _If_ Mozilla and the other browser vendors actually go through with
> removing all <2048 bit CA certs (which I doubt will happen because I
> suspect most CAs will completely ignore this), it would have one
> tangible benefit:
>
> (Some of, though unfortunately not nearly all) the old CA certificates
> that have been floating around since the dawn of time (ie the mid-late
> 90s), often with poor chains of custody through multiple iterations of
> bankruptcies, firesale auctions, mergers, acquisitions, and so on,
> will die around 2015 instead of their current expirations of
> 2020-2038. Sadly this will only kill about 1/3 of the 124 (!!)
> trusted roots Mozilla includes by default.

Another consequence is that people will explore moving to ECC, which is
less studied than RSA and appears to be a patent minefield.  As much as
I'd like to get rid of old hard-coded CAs in commonly used software, I
feel there are better ways to achieve that than a policy like this.

/Simon

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


