[cabfpub] Proposed addition to BRs allowing issuance of <2048

Horne, Rob rob.horne at trustis.com
Fri Jun 14 14:48:31 UTC 2013

This is valid but getting away from the point I was trying to make. If all implementations of web servers and browsers could handle 4096-bit keys then should we all make the jump to that? My point was: should the implementation of web browser SSL drive the security of all PKI implementations? Or to turn the argument on its head, if "non-web PKI" cannot be an exception, how can non-web PKI ever be publicly trusted?

Web is not synonymous with Internet, but it sure looks like it's getting that way ;-)


-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Gervase Markham
Sent: 14 June 2013 15:32
To: Eddy Nigg (StartCom Ltd.); public at cabforum.org
Subject: Re: [cabfpub] Proposed addition to BRs allowing issuance of <2048

On 14/06/13 15:27, Eddy Nigg (StartCom Ltd.) wrote:
> Just for the record, are RSA keys with 1024 bit somehow stronger when
> not used on the web?

No. But:

a) the CAB Forum's jurisdiction has limits. The question is: is this case inside or outside them?

b) We are eliminating 1024 because we don't know when an attack will become feasible - but it's not feasible yet. So at the moment, they are strong enough both on _and_ off the web.

c) If someone ever managed to get together the power to attack a 1024-bit cert, what would they pick? A root? An intermediate? Or the poxy cert of some random PIN entry device? Seems like an incredibly expensive way of stealing credit card numbers, which are available for a few cents each at any darknet forum.
