Folly of looking at CA cert lifetimes

Thor Lancelot Simon tls at rek.tjls.com
Tue Sep 14 17:33:58 EDT 2010


On Tue, Sep 14, 2010 at 08:14:59AM -0700, Paul Hoffman wrote:
> At 10:57 AM -0400 9/14/10, Perry E. Metzger did not write, but passed on for someone else:
> >This suggests to me that even if NIST is correct that 2048 bit RSA
> >keys are the reasonable minimum for new deployments after 2010,
> >much shorter keys are appropriate for most server certificates that
> >these CAs will sign.  The CA keys have lifetimes of 10 years or more;
> >the server keys a quarter to a fifth of that.
> 
> No, no, a hundred times no. (Well, about 250 times, or however many
> CAs are in the current OS trust anchor piles.) The "lifetime" of a "CA
> key" is exactly as long as the OS or browser vendor keeps that key,
> usually in cert form, in its trust anchor pile. You should not
> extrapolate *anything* from the contents of the CA cert except the key
> itself and the proclaimed name associated with it.

I don't understand.  The original text seems to be talking about *server*
certificate lifetimes, and how much shorter they are than CA cert
lifetimes.  What does that have to do with "a thousand times no" about
some proposition to do with CA cert lifetimes?

In other words, if CA key lifetimes are longer than indicated by their
X.509 properties, it seems to me that just makes the quoted text about
the relationship between server and CA key lifetimes even more true.

Thor

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
