Thor Lancelot Simon wrote:
> See below, which includes a handy pointer to the Microsoft and Mozilla
> policy statements "requiring" CAs to cease signing anything shorter than
> 2048 bits.
<...snip...>
> These certificates (the end-site ones) have lifetimes of about 3 years
> maximum.  Who here thinks 1280 bit keys will be factored by 2014?  *Sigh*.

No one that I know of (unless the NSA folks are hiding their quantum computers
from us :). But you can blame this one on NIST, not Microsoft or Mozilla.
They are pushing the CAs to make this happen and I think 2014 is one of
the important cutoff dates, such as the date that the CAs have to stop
issuing certs with 1024-bit keys.

I can dig up the NIST URL once I get back to work, assuming anyone actually
cares.

-kevin
-- 
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to