Thor Lancelot Simon wrote: > See below, which includes a handy pointer to the Microsoft and Mozilla > policy statements "requiring" CAs to cease signing anything shorter than > 2048 bits. <...snip...> > These certificates (the end-site ones) have lifetimes of about 3 years > maximum. Who here thinks 1280 bit keys will be factored by 2014? *Sigh*.
No one that I know of (unless the NSA folks are hiding their quantum computers from us :). But you can blame this one on NIST, not Microsoft or Mozilla. They are pushing the CAs to make this happen and I think 2014 is one of the important cutoff dates, such as the date that the CAs have to stop issuing certs with 1024-bit keys. I can dig up the NIST URL once I get back to work, assuming anyone actually cares. -kevin -- Kevin W. Wall "The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We cause accidents." -- Nathaniel Borenstein, co-creator of MIME --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [email protected]
