Paul Hoffman wrote: > > Let's talk specifics. Greatly appreciated.
> The Verisign "Class 3 Public Primary Certification > Authority", which is widely used to create popular SSL certs on the > Internet (see <https://www.amazon.com/>), has a 1024-bit RSA key and has > an expiration date of Aug 1 23:59:59 2028. Yes, that's a bit over 20 > years from now. > > Unless Mozilla says "we are going to yank that particular Verisign > certificate, and all the ones with similar key lengths, decades before > they expire", there is absolutely no reason for us to, 20 years in > advance, start requiring "new" CAs to use stronger keys. It is just not > justified. But probably new CAs have an even later expiration date. > If we want to ramp up the mandatory key sizes, we need to also > simultaneously promise to pull out all CAs that don't meet those sizes > at a reasonable time. Otherwise, we are just pretending to be helping. Yupp. > Proposal: > a) Starting January 1 2009, all new CA roots must be 2048 bit RSA or 256 > bit EC. > b) Starting January 1 2014, all CA roots must be 2048 bit RSA or 256 bit > EC. I'm fine with that. Maybe one could extend a) that 1024-bit keyed CA roots should not have an expiry date later than 2013-12-31. That would make the issue clear to CAs. > If we adopt such a proposal, but later start to waver on (b), we > immediately admit that (a) is silly from a security perspective. But it's not silly from a practical migration perspective. It does make sense for CAs. Ciao, Michael. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto