Thor Lancelot Simon wrote:
> See below, which includes a handy pointer to the Microsoft and Mozilla
> policy statements "requiring" CAs to cease signing anything shorter than
> 2048 bits.
> These certificates (the end-site ones) have lifetimes of about 3 years
> maximum.  Who here thinks 1280 bit keys will be factored by 2014?  *Sigh*.

No one that I know of (unless the NSA folks are hiding their quantum computers
from us :). But you can blame this one on NIST, not Microsoft or Mozilla.
They are pushing the CAs to make this happen and I think 2014 is one of
the important cutoff dates, such as the date that the CAs have to stop
issuing certs with 1024-bit keys.

I can dig up the NIST URL once I get back to work, assuming anyone actually

Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to

Reply via email to