[cabfpub] BR Requirements for 1024-bit Certificates

Rick Andrews Rick_Andrews at symantec.com
Thu Jan 31 22:44:01 UTC 2013


Another point: the BR says “Except where explicitly stated otherwise, these requirements apply only to relevant events that occur on or after the Effective Date.” I don’t see anything explicit in Appendix A saying that this size limitation applies to certificates created before the Effective Date.

-Rick

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Rick Andrews
Sent: Thursday, January 31, 2013 2:30 PM
To: Eddy Nigg (StartCom Ltd.); public at cabforum.org
Subject: Re: [cabfpub] BR Requirements for 1024-bit Certificates

We support changing the date in the BR, as we have tens of thousands of such certs, many issued long before the BR was enacted. It would be extremely disruptive to many of our customers to replace them early.

I agree that we don’t want to wait until the catastrophe arrives, but AFAIK the largest number factored was less than 800 bits. Factoring a 1024-bit number is far, far more difficult. If there is consensus for a ballot, I would endorse it.

-Rick

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Eddy Nigg (StartCom Ltd.)
Sent: Thursday, January 31, 2013 2:12 PM
To: public at cabforum.org
Subject: Re: [cabfpub] BR Requirements for 1024-bit Certificates


On 01/31/2013 11:58 PM, From Wayne Thayer:

I'm not yet aware of any known practical brute force attack on 1024 bit RSA keys.  On the other hand, it is clear that there will be a major impact on existing SSL sites as CAs work to rekey 10's of thousands of certificates this year.  I'd like to propose that we extend the deadline in the BRs for revoking existing certs with 1024 bit keys pending further evidence of a practical vulnerability.  Do others support this change?

No, at least we don't - those that took steps to ensure adequate keys sizes in the past were at a disadvantage when refusing to sign certificate with smaller keys. Today with the BR in place, the same rules are applied throughout the industry and I don't consider it a good idea to roll back on this (and other issues) which we finally nailed down.

Additionally we don't have to wait for the catastrophe to arrive in order to take actions, we really should be at least a half-step ahead.

Finally do I consider a promise to revoke such certificates in December 2013 not compliant to the BR - and probably also not to some of the software vendors requirements if I recall correctly. So your statement is correct, that as of today there shouldn't be any certificates with a validity of a year and more with 1024 bit keys.
Regards



Signer:

Eddy Nigg, COO/CTO



StartCom Ltd.<http://www.startcom.org>

XMPP:

startcom at startcom.org<xmpp:startcom at startcom.org>

Blog:

Join the Revolution!<http://blog.startcom.org>

Twitter:

Follow Me<http://twitter.com/eddy_nigg>




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130131/f055eb0a/attachment-0003.html>


More information about the Public mailing list