> > Should we allow 1024-bit roots to continue to be enabled for SSL, as long as > > the certs issued in their hierarchy are in compliance with the BRs? > > Definitely no. Even if the certs are fully BR-compliant, 1024 is no > longer suitable for web PKI purposes. We must conservatively assume > that a 1024-bit key for an issuer certificate has been factored. Even > if none has been, we can't know and so must make the safe assumption.
I am with Chris here, but maybe for a different reason. I think rather than try themselves at factoring, anyone with the incentive to get at a CA has easier means to do so, maybe even legal ones. (*) But: First, continuing to allow 1024 bit roots would send the wrong message - Mozilla has announced this change a long while ago, and it was widely greeted. Dropping the requirement now would seem strange. Especially as Mozilla also stated that all end-entity certs issued from 1024 bit root must have expired by 2013-12-31. Second, it would also mean we'd have to wait for consensus at CABF again. In some other respects, Google seems to take the easy way here, they just enforce it on browser-side, and they are getting away with it. A possible compromise would be to extend the grace period during which CAs that still need to upgrade their certs can be fast-tracked for inclusion of the new roots. If they still don't move, well... (*) I may be wrong. I hear there is a melting building in Utah. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
