307 digit number factored

Victor Duchovni Victor.Duchovni at MorganStanley.com
Mon May 21 23:52:04 EDT 2007


On Mon, May 21, 2007 at 08:07:24PM -0700, Paul Hoffman wrote:

> >The other issue is that sites will need multiple certs during any
> >transition from RSA to ECC, because the entire Internet won't upgrade
> >overnight. I am not expecting public CAs to cooperate by charging the
> >same price for two certs (RSA and ECC) for the same subject name(s),
> >this also may significantly impede migration.
> 
> That's good of you not to expect it, given that zero of the major CAs 
> seem to support ECC certs today, and even if they did, those certs 
> would not work in IE on XP.

We are not talking about this year or next of course. My estimate is
that Postfix releases designed this year, ship next year, are picked up
by some O/S vendors the year after and shipped perhaps a year after that,
then customers take a few years to upgrade, ... So for some users Postfix
2.5 will be their MTA upgrade in 2011 or later. So we need to anticipate
future demand by a few years to be current at the time that users begin
to use the software.

As 1024 RSA keys are not a major risk *today*, but that may be in sight,
it is not unreasonable to explore the (multi-year) road to ECC adoption.
There are many obstacles, it may take a long time, but I am removing
the one obstacle I can remove...

Initially ECC in Postfix will be used by private arrangements between
sites that manually exchange keys and have no need of a public CA.
Postfix 2.5 also includes a new "fingerprint" security level, where
the SMTP client verifies the server certificate by its md5, sha1, or
SHA256/384/512 fingerprint. (No support for web-of-trust, one step
at a time).

-- 

 /"\ ASCII RIBBON                  NOTICE: If received in error,
 \ / CAMPAIGN     Victor Duchovni  please destroy and notify
  X AGAINST       IT Security,     sender. Sender does not waive
 / \ HTML MAIL    Morgan Stanley   confidentiality or privilege,
                                   and use is prohibited.
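
The fingerprint check described in the message above, as an added example that is not part of the original post and is not Postfix's own code: the client hashes the DER encoding of the certificate the server presents and accepts it only if the digest equals one of the fingerprints exchanged out of band. The function names and the sample certificate bytes are assumptions made for illustration.

```python
import hashlib
import hmac

# Digests named in the post; md5 and sha1 appear only because the post lists them.
DIGESTS = ("md5", "sha1", "sha256", "sha384", "sha512")

# Constructed stand-in for a server certificate's DER encoding (not a real cert).
SAMPLE_DER = bytes.fromhex("3082010a0282010100") + b"constructed-example-certificate"


def cert_fingerprint(der: bytes, digest: str) -> str:
    """Return the colon-separated uppercase hex digest of the DER bytes."""
    if digest not in DIGESTS:
        raise ValueError(f"unsupported digest: {digest}")
    raw = hashlib.new(digest, der).hexdigest().upper()
    return ":".join(raw[i:i + 2] for i in range(0, len(raw), 2))


def normalize(pin: str, digest: str) -> bytes:
    """Parse a configured pin; reject pins whose length does not fit the digest."""
    raw = bytes.fromhex(pin.replace(":", "").strip())
    if len(raw) != hashlib.new(digest).digest_size:
        # Catches a truncated pin or a pin computed with a different digest.
        raise ValueError(f"pin is not a {digest} fingerprint")
    return raw


def peer_matches(der: bytes, digest: str, pins: list[str]) -> bool:
    """True if the presented certificate matches any pinned fingerprint."""
    if digest not in DIGESTS:
        raise ValueError(f"unsupported digest: {digest}")
    actual = hashlib.new(digest, der).digest()
    matched = False  # an empty pin list fails closed
    for pin in pins:
        # compare_digest keeps the comparison time independent of where bytes differ.
        matched |= hmac.compare_digest(actual, normalize(pin, digest))
    return matched
```
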

---------------------------------------------------------------------
The Cryptography Mailing List