Re: [Cryptography] Google's Public Key Size (was Re: NSA and cryptanalysis)
On Wed, Sep 4, 2013 at 3:54 PM, Paul Hoffman paul.hoff...@vpnc.org wrote: On Sep 4, 2013, at 2:15 PM, Andy Steingruebl stein...@gmail.com wrote: As of Jan-2014 CAs are forbidden from issuing/signing anything less than 2048 certs. For some value of forbidden. :-) This is why you're seeing Mozilla and Google implementing these checks for compliance with the CABF Basic Requirements in code - Andy ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography
Re: [Cryptography] Google's Public Key Size (was Re: NSA and cryptanalysis)
On Mon, Sep 2, 2013 at 3:04 PM, Jeffrey I. Schiller j...@mit.edu wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Sep 02, 2013 at 03:09:31PM -0400, Jerry Leichter wrote: Google recently switched to 2048 bit keys; hardly any other sites have done so, and some older software even has trouble talking to Google as a result. Btw. As a random side-note. Google switched to 2048 bit RSA keys on their search engine. However my connection to mail.google.com is using a NIST p256r1 ECC key in its certificate. As of Jan-2014 CAs are forbidden from issuing/signing anything less than 2048 certs. Lots of people are acting now to get ahead of that. EV's have been required to be 2048 for quite some time. - Andy ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography
Re: A mighty fortress is our PKI, Part III
On Wed, Sep 15, 2010 at 8:39 AM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote: Some more amusing anecdotes from the world of PKI: Peter, Not to be too contrary (though at least a little) - not all of these are really PKI failures are they? - There's malware out there that pokes fake Verisign certificates into the Windows trusted cert store, allowing the malware authors to be their own Verisign. The malware could just as easily fake the whole UI. Is it really PKI's fault that it doesn't defend against malware? Did even the grandest supporters ever claim it could/did? - CAs have issued certs to cybercrime web sites like https://www.pay-per-install.com (an affiliate program for malware installers), because hey, the Russian mafia's money is as good as anyone else's. Similarly here - non-EV CAs bind DNS names to a field in a certificate. No more. They don't vouch for the business being run, and in any case any such audit would be point in time anyway. I suppose way back when people promised that certs would do this, but does anyone believe that anymore and have it as an expectation? Perhaps you're setting the bar a bit high? BTW - do you have pointers to most of the things you've reported? I'd love to get the full sordid details :) - Andy - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com