This can presumably be resolved as fixed, given the commit on #2626 just
now.
On 29/09/10 20:54, Rob Stradling via RT wrote:
NIST (SP800-57 Part 1) recommends a minimum RSA key size of 2048-bits beyond
2010. From January 1st 2011, in order to comply with the current Microsoft[1]
and Mozilla[2] CA Policies, Commercial CAs will no longer be permitted to
issue certificates with RSA key sizes of <2048-bit.
Please accept the attached patch, which increases the default RSA key size to
2048-bits for the "req", "genrsa" and "genpkey" apps.
Thanks.
[1] http://technet.microsoft.com/en-us/library/cc751157.aspx says:
"we have advised Certificate Authorities...to transition their subordinate and
end-certificates to 2048-bit RSA certificates, and to complete this transition
for any root certificate distributed by the Program no later than December 31,
2010".
[2] https://wiki.mozilla.org/CA:MD5and1024 says:
"December 31, 2010 – CAs should stop issuing intermediate and end-entity
certificates from roots with RSA key sizes smaller than 2048 bits. All CAs
should stop issuing intermediate and end-entity certificates with RSA key size
smaller than 2048 bits under any root".
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com
COMODO CA Limited, Registered in England No. 04058690
Registered Office:
3rd Floor, 26 Office Village, Exchange Quay,
Trafford Road, Salford, Manchester M5 3EQ
This e-mail and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the sender by replying
to the e-mail containing this attachment. Replies to this email may be
monitored by Comodo for operational or business reasons. Whilst every
endeavour is taken to ensure that e-mails are free from viruses, no liability
can be accepted and the recipient is requested to use their own virus checking
software.
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com
COMODO CA Limited, Registered in England No. 04058690
Registered Office:
3rd Floor, 26 Office Village, Exchange Quay,
Trafford Road, Salford, Manchester M5 3EQ
This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If you have received this email in error please notify the
sender by replying to the e-mail containing this attachment. Replies to
this email may be monitored by COMODO for operational or business
reasons. Whilst every endeavour is taken to ensure that e-mails are free
from viruses, no liability can be accepted and the recipient is
requested to use their own virus checking software.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
