[145868] in cryptography@c2.net mail archive
Re: Folly of looking at CA cert lifetimes
daemon@ATHENA.MIT.EDU (Thor Lancelot Simon)
Tue Sep 14 19:12:45 2010
Date: Tue, 14 Sep 2010 17:33:58 -0400
From: Thor Lancelot Simon <tls@rek.tjls.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Cc: cryptography@metzdowd.com
In-Reply-To: <p06240871c8b53fdbd104@[10.20.30.158]>
On Tue, Sep 14, 2010 at 08:14:59AM -0700, Paul Hoffman wrote:
> At 10:57 AM -0400 9/14/10, Perry E. Metzger did not write, but passed on for someone else:
> >This suggests to me that even if NIST is correct that 2048 bit RSA
> >keys are the reasonable minimum for new deployments after 2010,
> >much shorter keys are appropriate for most server certificates that
> >these CAs will sign. The CA keys have lifetimes of 10 years or more;
> >the server keys a quarter to a fifth of that.
>
> No, no, a hundred times no. (Well, about 250 times, or however many
> CAs are in the current OS trust anchor piles.) The "lifetime" of a "CA
> key" is exactly as long as the OS or browser vendor keeps that key,
> usually in cert form, in its trust anchor pile. You should not
> extrapolate *anything* from the contents of the CA cert except the key
> itself and the proclaimed name associated with it.
I don't understand. The original text seems to be talking about *server*
certificate lifetimes, and how much shorter they are than CA cert
lifetimes. What does that have to do with "a thousand times no" about
some proposition to do with CA cert lifetimes?
In other words, if CA key lifetimes are longer than indicated by their
X.509 properties, it seems to me that just makes the quoted text about
the relationship between server and CA key lifetimes even more true.
Thor
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com