Re: [Cryptography] Google's Public Key Size (was Re: NSA and cryptanalysis)
On Wed, Sep 4, 2013 at 3:54 PM, Paul Hoffman paul.hoff...@vpnc.org wrote: On Sep 4, 2013, at 2:15 PM, Andy Steingruebl stein...@gmail.com wrote: As of Jan-2014 CAs are forbidden from issuing/signing anything less than 2048 certs. For some value of forbidden. :-) This is why you're seeing Mozilla and Google implementing these checks for compliance with the CABF Basic Requirements in code - Andy ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography
Re: [Cryptography] Google's Public Key Size (was Re: NSA and cryptanalysis)
On Sep 4, 2013, at 2:15 PM, Andy Steingruebl stein...@gmail.com wrote: As of Jan-2014 CAs are forbidden from issuing/signing anything less than 2048 certs. For some value of forbidden. :-) --Paul Hoffman ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography
Re: [Cryptography] Google's Public Key Size (was Re: NSA and cryptanalysis)
On Mon, Sep 2, 2013 at 3:04 PM, Jeffrey I. Schiller j...@mit.edu wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Sep 02, 2013 at 03:09:31PM -0400, Jerry Leichter wrote: Google recently switched to 2048 bit keys; hardly any other sites have done so, and some older software even has trouble talking to Google as a result. Btw. As a random side-note. Google switched to 2048 bit RSA keys on their search engine. However my connection to mail.google.com is using a NIST p256r1 ECC key in its certificate. As of Jan-2014 CAs are forbidden from issuing/signing anything less than 2048 certs. Lots of people are acting now to get ahead of that. EV's have been required to be 2048 for quite some time. - Andy ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography
[Cryptography] Google's Public Key Size (was Re: NSA and cryptanalysis)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Sep 02, 2013 at 03:09:31PM -0400, Jerry Leichter wrote: Google recently switched to 2048 bit keys; hardly any other sites have done so, and some older software even has trouble talking to Google as a result. Btw. As a random side-note. Google switched to 2048 bit RSA keys on their search engine. However my connection to mail.google.com is using a NIST p256r1 ECC key in its certificate. - -Jeff -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFSJQt78CBzV/QUlSsRAtO0AKDkltH4HUVw5Pa2lwCLhHLAGrIJHACgxzZh 1EInnyyRoKX4xZ1rQ0M9c2g= =uOUn -END PGP SIGNATURE- ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography