[145857] in cryptography@c2.net mail archive


Folly of looking at CA cert lifetimes

daemon@ATHENA.MIT.EDU (Paul Hoffman)
Tue Sep 14 13:21:36 2010

In-Reply-To: <20100914105749.4a873b5d@jabberwock.cb.piermont.com>
Date: Tue, 14 Sep 2010 08:14:59 -0700
To: cryptography@metzdowd.com
From: Paul Hoffman <paul.hoffman@vpnc.org>

At 10:57 AM -0400 9/14/10, Perry E. Metzger did not write, but passed on for someone else:
>This suggests to me that even if NIST is correct that 2048 bit RSA
>keys are the reasonable minimum for new deployments after 2010,
>much shorter keys are appropriate for most server certificates that
>these CAs will sign.  The CA keys have lifetimes of 10 years or more;
>the server keys a quarter to a fifth of that.

No, no, a hundred times no. (Well, about 250 times, or however many CAs are in the current OS trust anchor piles.) The "lifetime" of a "CA key" is exactly as long as the OS or browser vendor keeps that key, usually in cert form, in its trust anchor pile. You should not extrapolate *anything* from the contents of the CA cert except the key itself and the proclaimed name associated with it.

--Paul Hoffman, Director
--VPN Consortium

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
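A concrete illustration of Hoffman's point, added here as an example and not part of the original mail: a root's validity dates are a property of one certificate, not of the key. The same root key is routinely re-certified (a fresh self-signed cert, or a cross-sign, carrying a new validity window), and the key stays in service for as long as vendors keep some cert for it in their trust stores. The script below generates a throwaway root key, certifies it twice with different lifetimes, and shows that the public key is identical while the notAfter dates are not. It assumes the openssl command-line tool is installed; the CA name and file names are made up for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes `openssl` is on PATH.
set -eu

# make_root_certs DIR: generate one RSA root key and certify it twice.
#   root-v1.pem: self-signed, 10-year validity
#   root-v2.pem: the SAME key re-certified with a 20-year validity
# Both certs carry the same subject and the same public key; only the
# signature, serial and validity window differ, as happens when a CA
# re-issues or cross-signs an existing root key.
make_root_certs() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$dir/root.key" -out "$dir/root-v1.pem" \
        -days 3650 -subj "/CN=Example Root CA" >/dev/null 2>&1
    openssl x509 -in "$dir/root-v1.pem" -signkey "$dir/root.key" \
        -days 7300 -out "$dir/root-v2.pem" >/dev/null 2>&1
}

# pubkey_fpr CERT: SHA-256 over the DER-encoded SubjectPublicKeyInfo.
# This is the identity of the key itself, independent of any cert wrapper.
pubkey_fpr() {
    openssl x509 -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 \
        | awk '{print $NF}'
}

# not_after CERT: the certificate's notAfter field, e.g. "notAfter=Sep 14 ... GMT".
not_after() {
    openssl x509 -in "$1" -noout -enddate
}

# same_key CERT1 CERT2: exit 0 if both certs carry the same public key.
same_key() {
    [ "$(pubkey_fpr "$1")" = "$(pubkey_fpr "$2")" ]
}

# Stand-alone demo: build the two certs and print the comparison.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_root_certs "$work"
echo "v1 key fpr: $(pubkey_fpr "$work/root-v1.pem")"
echo "v2 key fpr: $(pubkey_fpr "$work/root-v2.pem")"
echo "v1 $(not_after "$work/root-v1.pem")"
echo "v2 $(not_after "$work/root-v2.pem")"
if same_key "$work/root-v1.pem" "$work/root-v2.pem"; then
    echo "same root key, different cert lifetimes: notAfter is not a key lifetime"
fi
```

The check a practitioner actually wants when auditing a trust store is therefore keyed on the SubjectPublicKeyInfo fingerprint, not on the certificate's serial or dates: group the store's anchors by `pubkey_fpr` and you see which keys persist across re-issued certs, which is the lifetime that matters for the key-size argument.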
