If I may give a shorter answer than Peter: for authentication purposes (as used in the WebPKI with non-RSA-key-exchange ciphersuites in TLS) there is no current deprecation plans for 2048-bit RSA.
Alex On Sat, Jan 20, 2018 at 12:00 PM, Peter Bowen via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Sat, Jan 20, 2018 at 8:31 AM, James Burton via dev-security-policy > <dev-security-policy@lists.mozilla.org> wrote: > > Approximate date of retirement of RSA-2048? > > This is a very broad question, as you don't specify the usage. If you > look at the US National Institute of Standards and Technology's SP > 800-57 part 1 rev 4 > (http://nvlpubs.nist.gov/nistpubs/SpecialPublications/ > NIST.SP.800-57pt1r4.pdf), > they discuss the difference between "applying" and "processing". > Applying would usually be either encrypting or signing and processing > would usually be decrypting or verifying. > > Given that RSA is used by Mozilla products for signing long term data > (intermediate CA certificates, for example), encrypting data (for > example, encrypting email), as part of key exchange (in TLS), and for > signing for instant authentication (signature during a TLS handshake), > the appropriate retirement date may vary. > > That being said, the NIST publication above uses the assumption that > RSA with a 2048-bit modulus, where the two factors are each 1024-bit > long prime numbers, provides approximately 112-bits of strength. > Later on it states that 112-bits of strength is acceptable until 2030. > > The German Federal Office for Information Security (BSI) reportedly > recommends using a modulus length of at least 3000 bits starting in > 2023 [1]. > > Does that help answer your question? > > Thanks, > Peter > > [1] My German is very poor. If yours is better than mine, you can > read the original doc from the BSI at > https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/ > TechnischeRichtlinien/TR02102/BSI-TR-02102.pdf?__blob=publicationFile > and confirm that Google Translate did not cause me to misunderstand > the recommendation > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
