I thought I saw some servers were already discriminating by cert size, mb. On Mon, Jul 27, 2015 at 4:36 PM, Mathias Ertl <[email protected]> wrote:
> I think we have a misunderstanding here: > > On 2015-07-27 22:28, Patrick Beisler wrote: > > why not allow 2048 for now with the prerequisite that all server may > > move to 4096, if we can actually agree on it. Some people may also need > > to purchase new certs anyways, so at least they have a heads up. > > but that's just me.. I just had a 2048 last year before renewing and > > just so happened to do 4096. (as an example) > > No one is trying to forbid 2048 bit certificates. I described 4096 bit > certs as "best practice". So when you get a new one, I think you should > get a 4096 bit cert ;-). My original post tried to get a momentum > towards ubiquitous Forward Secrecy, a different issue. > > greetings, Mati > > > -- > twitter: @mathiasertl | xing: Mathias Ertl | email: [email protected] > I only read plain-text mail! I prefer signed/encrypted mail! > > -- The Internet is changing, consider securing your messages with PGP. https://keybase.io/psjbeisler/key.asc
