On Wed, Oct 06, 2010 at 04:52:46PM +1300, Peter Gutmann wrote: > From https://wiki.mozilla.org/CA:MD5and1024: > > December 31, 2010 - CAs should stop issuing intermediate and end-entity > certificates from roots with RSA key sizes smaller than 2048 bits [0]. All > CAs should stop issuing intermediate and end-entity certificates with RSA > key size smaller than 2048 bits under any root. > > [...] > > Right, because the problem with commercial PKI is all those attackers who are > factoring 1024-bit moduli, and apart from that every other bit of it works > perfectly. > > Peter. > > [0] This is ambiguously worded, but it's talking about key sizes in EE certs.
What are "EE certs", did you mean "EV"? -- Viktor. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com