Jack Lloyd <ll...@randombit.net> writes:

> On Wed, Oct 06, 2010 at 04:52:46PM +1300, Peter Gutmann wrote:
>
>> Right, because the problem with commercial PKI is all those attackers who are
>> factoring 1024-bit moduli, and apart from that every other bit of it works
>> perfectly.
>
> _If_ Mozilla and the other browser vendors actually go through with
> removing all <2048 bit CA certs (which I doubt will happen because I
> suspect most CAs will completely ignore this), it would have one
> tangible benefit:
>
> (Some of, though unfortunately not nearly all) the old CA certificates
> that have been floating around since the dawn of time (ie the mid-late
> 90s), often with poor chains of custody through multiple iterations of
> bankruptcies, firesale auctions, mergers, acquisitions, and so on,
> will die around 2015 instead of their current expirations of
> 2020-2038. Sadly this will only kill about 1/3 of the 124 (!!)
> trusted roots Mozilla includes by default.

Another consequence is that people will explore moving to ECC, which is less studied than RSA and appears to be a patent minefield.

As much as I'd like to get rid of old hard-coded CAs in commonly used software, I feel there are better ways to achieve that than a policy like this.

/Simon

---------------------------------------------------------------------
The Cryptography Mailing List