Formal notice given of rearrangement of deck chairs on RMS PKItanic
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Tue Oct 5 23:52:46 EDT 2010
>From https://wiki.mozilla.org/CA:MD5and1024:
December 31, 2010 - CAs should stop issuing intermediate and end-entity
certificates from roots with RSA key sizes smaller than 2048 bits [0]. All
CAs should stop issuing intermediate and end-entity certificates with RSA
key size smaller than 2048 bits under any root.
Under no circumstances should any party expect continued support for RSA key
size smaller than 2048 bits past December 31, 2013. This date could get
moved up substantially if necessary to keep our users safe. We recommend all
parties involved in secure transactions on the web move away from 1024-bit
moduli as soon as possible.
Right, because the problem with commercial PKI is all those attackers who are
factoring 1024-bit moduli, and apart from that every other bit of it works
perfectly.
Peter.
[0] This is ambiguously worded, but it's talking about key sizes in EE certs.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list