<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
On 01/31/2013 11:58 PM, From Wayne Thayer:
<blockquote
cite="mid:20130131145800.cd11c9ccff298241dd21cffe62522cfa.fb68744773.wbe@email00.secureserver.net"
type="cite"><span style="font-family: Verdana; color: rgb(0, 0,
0); font-size: 10pt;">
<div><span style="font-family:Verdana; color:#000000;
font-size:10pt;"><br>
<div>I'm not yet aware of any known practical brute force
attack on 1024 bit RSA keys. On the other hand, it is
clear that there will be a major impact on existing SSL
sites as CAs work to rekey tens of thousands of
certificates this year. I'd like to propose that we
extend the deadline in the BRs for revoking existing certs
with 1024 bit keys pending further evidence of a practical
vulnerability. Do others support this change?</div>
</span></div>
</span></blockquote>
<br>
No, at least we don't - those that took steps to ensure adequate
key sizes in the past were at a disadvantage when refusing to sign
certificates with smaller keys. Today with the BR in place, the same
rules are applied throughout the industry and I don't consider it a
good idea to roll back on this (and other issues) which we finally
nailed down.<br>
<br>
Additionally, we don't have to wait for the catastrophe to arrive in
order to take action; we really should be at least a half-step
ahead.<br>
<br>
Finally, I consider a promise to revoke such certificates in
December 2013 not compliant with the BR - and probably also not with
some of the software vendors' requirements, if I recall correctly. So
your statement is correct, that as of today there shouldn't be any
certificates with a validity of a year and more with 1024 bit keys.<br>
<br>
<br>
<div class="moz-signature">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, COO/CTO</td>
</tr>
<tr>
<td> </td>
<td><a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>XMPP: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Twitter: </td>
<td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
<br>
</body>
</html>