On Wed, Oct 16, 2013 at 10:21 AM, Stephen Kent <k...@bbn.com> wrote:
> Joel,
>
> Thanks for the followup, identifying the CABF as the source of the key
> length change.

I recently came across a document I wrote in 1999 arguing for 2048 bit keys...

The problem that required CABForum intervention was that a 1024 bit key is compatible with more browsers and always will be. Thus there is a commercial advantage in using a 1024 bit cert so as to maximize the customer base.

CAs were not prepared to stop issuing 1024 bit certs if doing so would lose sales to a competitor. Browsers could not stop recognizing 1024 bit certs as long as they were the majority of certs in use. Agreeing to stop issue of 1024 bit certs (with some rare exceptions outside the WebPKI) required both groups to make a mutual commitment.

--
Website: http://hallambaker.com/
_______________________________________________
perpass mailing list
perpass@ietf.org
https://www.ietf.org/mailman/listinfo/perpass