I think that 3K-RSA is the next step after 2K-RSA, and I am sure that the
computational cost of a 4K-RSA certificate is much of an obstruction with
current hardware, and I think that it isn't a problem at all a couple of
years in the future.

2014-09-09 14:18 GMT+02:00 Salz, Rich <rs...@akamai.com>:

> > May I suggest 4096 bit with SHA-256.
>
> I think the next step after 2K-RSA is ECC, and that 4K RSA isn't going to
> see much deployment because of the computational cost.  At least, that's
> how we see things at my employer.
>
> > And Chrome+Firefox still happily uses MD5 to sign SPKAC after offering you
> > to create Low (512), Medium (1024) or High (2048) grade encryption keys
> > (patch available for ages BTW) ...
>
> If you can point me to patches, email, or whatever I can try to make sure
> those links get seen by folks in charge.
>
>         /r$
> --
> Principal Security Engineer
> Akamai Technologies, Cambridge MA
> IM: rs...@jabber.me Twitter: RichSalz
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
>
