On 23.12.2013 16:09, Viktor Dukhovni wrote:
> On Tue, Dec 24, 2013 at 01:29:38AM +1100, nanotek wrote:
>> Still, might be a good time to create my own CA and upgrade to 4096 bit
>> keys/certificates
>
> You can deploy a 4096-bit RSA key if it makes you feel more cool,
> but there is little point in going beyond 2048-bit RSA at this
> time. The further you stray away from current practice into the
> land of "extreme" cryptography, the more likely you are to run into
> interoperability problems, without any real security gains.
>
>> using SHA512 algorithms
>
> TLSv1 and TLSv1.2 do not support negotiation of digest algorithms.
> Deploying digests beyond SHA1 will cause interoperability problems
> with systems that don't yet support the SHA2 family
Hopefully I do not get proven wrong here, but: in the last few months I have been testing OpenSSL keys with RSA 3072 / SHA256, and as far as I can see even old MSIE6 on Windows XP happily connects to a webserver with such a key. Given that, are you aware of systems / mailservers which would have a problem with it?

My plans for 2014 originally are to get a signed 3072-bit SHA-256 *wildcard* certificate for 2 years, for use on several webservers as well as Postfix / Dovecot.

I am aware of the irony of the domain below, but given that the NSA not only works on breaking into foreign systems but also protects US infrastructure, they may have a good reason to state 3072 bit for AES128:
http://www.nsa.gov/business/programs/elliptic_curve.shtml
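The setup the thread is discussing (a private CA, a 3072-bit RSA key and a SHA-256-signed wildcard server certificate), as an added worked example that is not part of the original e-mail thread. It assumes the openssl command-line tool (1.1.1 or newer) is on PATH; the CA name "Example Private CA", the hostname *.example.com and the file names are hypothetical. The point of the last three functions is the check a practitioner actually wants: reading the key size and signature algorithm back out of the issued certificate instead of trusting the command line that produced it.

```sh
#!/bin/sh
# Added example (not from the thread): build a small private CA, issue a
# 3072-bit RSA / SHA-256 wildcard server certificate, then inspect what
# really ended up in the certificate. Assumes the openssl CLI (1.1.1+)
# is on PATH; CA name, hostname and file names are hypothetical.
set -eu

# make_ca DIR BITS: RSA CA key of BITS bits, self-signed with SHA-256
make_ca() {
    dir=$1; bits=$2
    openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:$bits" \
        -out "$dir/ca.key" 2>/dev/null
    openssl req -x509 -new -key "$dir/ca.key" -sha256 -days 730 \
        -subj "/CN=Example Private CA" -out "$dir/ca.crt"
}

# issue_cert DIR BITS CN: server key of BITS bits, CSR, CA-signed with SHA-256
issue_cert() {
    dir=$1; bits=$2; cn=$3
    openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:$bits" \
        -out "$dir/server.key" 2>/dev/null
    openssl req -new -key "$dir/server.key" -sha256 -subj "/CN=$cn" \
        -out "$dir/server.csr"
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -sha256 -days 730 \
        -out "$dir/server.crt" 2>/dev/null
}

# cert_key_bits CERT: RSA modulus size as printed by "openssl x509 -text"
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# cert_sig_alg CERT: signature algorithm (digest + key type) of the cert,
# e.g. sha256WithRSAEncryption
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# verify_chain DIR: does server.crt validate against ca.crt?
verify_chain() {
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null
}

# Stand-alone demonstration in a scratch directory
work=$(mktemp -d)
make_ca "$work" 3072
issue_cert "$work" 3072 '*.example.com'
echo "key bits:  $(cert_key_bits "$work/server.crt")"
echo "signature: $(cert_sig_alg "$work/server.crt")"
verify_chain "$work" && echo "chain: OK"
```

The key size and digest are independent choices: the digest is set per signing step (the -sha256 on "req -x509" and on "x509 -req"), so a 3072-bit key signed without it would silently fall back to the tool's default and "cert_sig_alg" is how you notice. The example deliberately omits a subjectAltName extension to stay portable across openssl versions; modern browsers require one, so for real deployment add it to the CSR and copy it into the issued certificate.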