[145933] in cryptography@c2.net mail archive
Re: 2048 bits, damn the electrons! [rt@openssl.org: [openssl.org
daemon@ATHENA.MIT.EDU (Kevin W. Wall)
Thu Sep 30 09:38:30 2010
Date: Thu, 30 Sep 2010 03:17:14 -0400
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
To: Thor Lancelot Simon <tls@rek.tjls.com>
CC: cryptography@metzdowd.com
In-Reply-To: <20100929200318.GA11653@panix.com>
Thor Lancelot Simon wrote:
> See below, which includes a handy pointer to the Microsoft and Mozilla
> policy statements "requiring" CAs to cease signing anything shorter than
> 2048 bits.
<...snip...>
> These certificates (the end-site ones) have lifetimes of about 3 years
> maximum. Who here thinks 1280 bit keys will be factored by 2014? *Sigh*.
No one that I know of (unless the NSA folks are hiding their quantum computers
from us :). But you can blame this one on NIST, not Microsoft or Mozilla.
They are pushing the CAs to make this happen and I think 2014 is one of
the important cutoff dates, such as the date that the CAs have to stop
issuing certs with 1024-bit keys.
I can dig up the NIST URL once I get back to work, assuming anyone actually
cares.
-kevin
--
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents." -- Nathaniel Borenstein, co-creator of MIME
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
