[163207] in North American Network Operators' Group
Re: ADVANCE WARNING: Google moving to 2048-bit SSL and root keys
daemon@ATHENA.MIT.EDU (Ryan Gard)
Sat May 25 02:37:18 2013
In-Reply-To: <CAAAwwbW9nRHDj2QbGmJ_YDsfAuCAO+LhB9sDtJe3SPOxkP2xAA@mail.gmail.com>
Date: Sat, 25 May 2013 02:37:00 -0400
From: Ryan Gard <ryangard@gmail.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
From what it looks like, I'd assume they'll be sticking with a CA that has
a 2048 bit certificate as well.
Seems they also put a sandbox for testing together. That being said, they
won't confirm or deny whether or not they'll be using the same CA as they
have in the sandbox...
https://cert-test.sandbox.google.com/
On Fri, May 24, 2013 at 9:34 PM, Jimmy Hess <mysidia@gmail.com> wrote:
> On 5/24/13, Jay Ashworth <jra@baylink.com> wrote:
>
>
> Hm.. this might be no big deal if not for public key pinning and CA
> pinning in modern browsers of certain sites, they could just get
> themselves 2048 bit certificates from any CA...
>
> So what could otherwise be a routine certificate change, may have some
> unusual extra baggage attached to it -- requiring end users performing
> software code update in their only slightly outdated browsers,
> instead of just switching certificates, so they stop getting big red
> SSL errors when trying to perform searches via Google...
>
>
> > Via PRIVACY Forum:
> >
> > ----- Forwarded Message -----
> >> From: "PRIVACY Forum mailing list" <privacy@vortex.com>
> >
> >> Google moving to longer SSL keys
> >>
> >> http://j.mp/10YAWaC (Google Online Security Blog)
>
> --
> -JH
>
>
--
Ryan Gard
