Formal notice given of rearrangement of deck chairs on RMS PKItanic
Jack Lloyd
lloyd at randombit.net
Wed Oct 6 11:15:51 EDT 2010
On Wed, Oct 06, 2010 at 04:52:46PM +1300, Peter Gutmann wrote:
> Right, because the problem with commercial PKI is all those attackers who are
> factoring 1024-bit moduli, and apart from that every other bit of it works
> perfectly.
_If_ Mozilla and the other browser vendors actually go through with
removing all <2048 bit CA certs (which I doubt will happen because I
suspect most CAs will completely ignore this), it would have one
tangible benefit:
(Some of, though unfortunately not nearly all) the old CA certificates
that have been floating around since the dawn of time (ie the mid-late
90s), often with poor chains of custody through multiple iterations of
bankruptcies, firesale auctions, mergers, acquisitions, and so on,
will die around 2015 instead of their current expirations of
2020-2038. Sadly this will only kill about 1/3 of the 124 (!!)
trusted roots Mozilla includes by default.
-Jack
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list