[Cscwg-public] Code Signing Key Size changes

Doug Beattie doug.beattie at globalsign.com
Thu Sep 3 13:36:18 MST 2020

Add to further Dean's note, this applies to all certificates in the chain
from the root down, so if you need a new subordinate CA you had better get
started on that.


From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Dean
Coclin via Cscwg-public
Sent: Thursday, September 3, 2020 4:16 PM
To: cscwg-public at cabforum.org
Subject: [Cscwg-public] Code Signing Key Size changes


I'm not sure if everyone is aware that minimum key sizes are going to change


The Code Signing BRs specify that certs issued after Jan 1, 2021 must have
3072 RSA keys (vs the current 2048). This has been in there for a while, but
I fear that customers may not be prepared as it has not been well

In addition, making changes at the beginning of January is always risky due
to holidays, shutdowns, freezes, etc. 


I'm wondering if there is any appetite to move this to April or May 2021? 






-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20200903/f59e434b/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5688 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20200903/f59e434b/attachment-0001.p7s>

More information about the Cscwg-public mailing list