Anyway, the proof of the pudding is in the eating. Can you point me to a secure site that uses a key size >1024 bits? I can't find one for love nor money.
This root certificate was found in the binary code for Netscape 7:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=America Online Inc.,
CN=America Online Root Certification Authority 2
Validity
Not Before: May 28 06:00:00 2002 GMT
Not After : Sep 29 14:08:00 2037 GMT
Subject: C=US, O=America Online Inc.,
CN=America Online Root Certification Authority 2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (4096 bit)
==========
Modulus (4096 bit):
00:cc:41:45:1d:e9:3d:4d:10:f6:8c:b1:41:c9:e0:
5e:cb:0d:b7:bf:47:73:d3:f0:55:4d:dd:c6:0c:fa:
b1:66:05:6a:cd:78:b4:dc:02:db:4e:81:f3:d7:a7:
...
===
There used to be a 16384 bit root certificate in Netscape 6 but I see it has been removed. It belonged to Thawte.
===
grep Modulus foombar | sort | uniq -c
1 Modulus (1000 bit):
38 Modulus (1024 bit):
26 Modulus (2048 bit):
2 Modulus (4096 bit):
So, slightly less than half the commercial roots have moved to 2048 bits and several have moved to 4096. These are the numbers for the old Netscape 6:
1 Modulus (1000 bit):
54 Modulus (1024 bit):
1 Modulus (16384 bit):
34 Modulus (2048 bit):
1 Modulus (4096 bit):
This should give you a pretty good snapshot of what the people who can pay Netscape $250,000 dollars a shot to have their roots included are doing...
--
Charles B (Ben) Cranston
mailto: [EMAIL PROTECTED]
http://www.wam.umd.edu/~zben
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
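The tally described in the message above, as an added example that is not part of the original post: it pulls one RSA modulus size per certificate out of `openssl x509 -text` output, sorts the sizes numerically (plain `sort` would list 16384 before 2048), and counts roots at or below 1024 bits. The function names and the sample dump are constructed for illustration, and the parser also accepts the `Public-Key: (N bit)` layout that newer OpenSSL releases print.

```shell
#!/bin/sh
# Added example: tally RSA key sizes from `openssl x509 -text` dumps on stdin.

# Print one modulus size (bits) per RSA certificate; non-RSA keys are skipped.
rsa_bits() {
    awk '
        /Public Key Algorithm:/ { rsa = ($NF == "rsaEncryption") }
        # Older layout: "Modulus (4096 bit):"  Newer: "Public-Key: (4096 bit)"
        rsa && /(Modulus|Public-Key:) \([0-9]+ bit\)/ {
            n = $0
            sub(/^.*\(/, "", n)      # drop everything up to the "("
            sub(/ bit\).*$/, "", n)  # drop " bit)" and what follows
            print n
            rsa = 0                  # count each certificate once
        }'
}

# "count bits" lines, smallest key first.
tally() {
    rsa_bits | sort -n | uniq -c | awk '{ print $1, $2 }'
}

# Number of RSA certificates at or below a threshold (default 1024 bits).
weak_count() {
    rsa_bits | awk -v max="${1:-1024}" '$1 + 0 <= max + 0 { n++ } END { print n + 0 }'
}

# Constructed sample: the key-size lines of five certificate dumps.
sample_dump() {
cat <<'EOF'
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
Public Key Algorithm: rsaEncryption
Modulus (16384 bit):
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
Public Key Algorithm: rsaEncryption
Modulus (1024 bit):
EOF
}

sample_dump | tally
```

On a real dump such as the `foombar` file in the post, run `tally < foombar` and `weak_count < foombar`.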
