On Oct 16, 2013, at 1:24 PM, Phillip Hallam-Baker <[email protected]> wrote:
> On Wed, Oct 16, 2013 at 10:21 AM, Stephen Kent <[email protected]> wrote:
> Joel,
>
> Thanks for the followup, identifying the CABF as the source of the key length
> change.
>
> I recently came across a document I wrote in 1999 arguing for 2048 bit keys...
>
> The problem that required CABForum intervention was that a 1024 bit key is
> compatible with more browsers and always will be. Thus there is a commercial
> advantage in using a 1024 bit cert so as to maximize the customer base.
>
> CAs were not prepared to stop issuing 1024 bit certs if doing so would lose
> sales to a competitor. Browsers could not stop recognizing 1024 bit certs as
> long as they were the majority of certs in use.
>
> Agreeing to stop issue of 1024 bit certs (with some rare exceptions outside
> the WebPKI) required both groups to make a mutual commitment.
>

which is pretty much the point I was making in terms of citing it as expensive for the operators and consumers, but necessary. As a content provider I would have continued to use 1024 bit keys as long as was plausible because the computational hit is significant enough that it caused us to swap in an entire new generation of hardware.

>
> --
> Website: http://hallambaker.com/
> _______________________________________________
> perpass mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/perpass
