<div dir="ltr">Some of the linked articles provide better editorial comment on the rationale behind the move.</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, May 29, 2013 at 8:03 AM, Rick Andrews <span dir="ltr"><<a href="mailto:Rick_Andrews@symantec.com" target="_blank">Rick_Andrews@symantec.com</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">>From the SANS Newsletter this week.<br>
<br>
Good publicity, although only the editorial comment explains why this is happening.<br>
<br>
-Rick<br>
<br>
Begin forwarded message:<br>
<br>
> --Google Will Upgrade SSL Encryption Keys<br>
> (May 24, 2013)<br>
> By the end of 2013, Google plans to upgrade all of its SSL certificates<br>
> to 2048-bit keys. The change is scheduled to begin in August. Google<br>
> plans to upgrade its root certificate as well. Certain client software<br>
> embedded in devices like phones, gaming consoles, and cameras could run<br>
> into problems with the upgrade; Google has offered advice to help<br>
> mitigate those issues.<br>
> <a href="http://arstechnica.com/security/2013/05/google-builds-bigger-crypto-keys-to-make-site-forgeries-harder/" target="_blank">http://arstechnica.com/security/2013/05/google-builds-bigger-crypto-keys-to-make-site-forgeries-harder/</a><br>


> <a href="http://www.h-online.com/security/news/item/Google-to-replace-SSL-certificates-1869281.html" target="_blank">http://www.h-online.com/security/news/item/Google-to-replace-SSL-certificates-1869281.html</a><br>


> <a href="http://www.zdnet.com/google-upgrading-all-ssl-certificates-to-2048-bit-keys-by-end-of-2013-7000015863/" target="_blank">http://www.zdnet.com/google-upgrading-all-ssl-certificates-to-2048-bit-keys-by-end-of-2013-7000015863/</a><br>


> <a href="http://www.computerworld.com/s/article/9239518/Google_to_lengthen_SSL_encryption_keys_in_August?taxonomyId=17" target="_blank">http://www.computerworld.com/s/article/9239518/Google_to_lengthen_SSL_encryption_keys_in_August?taxonomyId=17</a><br>


> [Editor's Note (Pescatore): I think the CA Browser Forum is requiring<br>
> all CAs to do this by YE2013. Growth in processing power over time,<br>
> combined with advances in crypto attacks that shorten brute force<br>
> attacks, means crypto strengths will always have to increase over time.<br>
> SSL in practice needs more than longer keys - the switchover to longer<br>
> lengths will drive client/server side software upgrades that need to<br>
> address various validity checking and revocation issues. But, the<br>
> security of CAs needs to be addressed in a big way, too.]<br>
_______________________________________________<br>
Public mailing list<br>
<a href="mailto:Public@cabforum.org">Public@cabforum.org</a><br>
<a href="https://cabforum.org/mailman/listinfo/public" target="_blank">https://cabforum.org/mailman/listinfo/public</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><br>Stephen<br><br>Stephen McHenry<br>Google<br>(650) 253-7140<br>Aut inveniam viam aut faciam
</div>