I think we have a misunderstanding here:

On 2015-07-27 22:28, Patrick Beisler wrote:
> why not allow 2048 for now with the prerequisite that all servers may
> move to 4096, if we can actually agree on it. Some people may also need
> to purchase new certs anyways, so at least they have a heads up.
> but that's just me.. I just had a 2048 last year before renewing and
> just so happened to do 4096. (as an example)

No one is trying to forbid 2048 bit certificates. I described 4096 bit certs as "best practice". So when you get a new one, I think you should get a 4096 bit cert ;-).

My original post tried to get a momentum towards ubiquitous Forward Secrecy, a different issue.

greetings, Mati

--
twitter: @mathiasertl | xing: Mathias Ertl | email: m...@er.tl
I only read plain-text mail! I prefer signed/encrypted mail!