Re: Retirement of RSA-2048

2018-01-22 Thread Alex Gaynor via dev-security-policy 
If I may give a shorter answer than Peter: for authentication purposes (as
used in the WebPKI with non-RSA-key-exchange ciphersuites in TLS) there is
no current deprecation plans for 2048-bit RSA.

Alex

On Sat, Jan 20, 2018 at 12:00 PM, Peter Bowen via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:

> On Sat, Jan 20, 2018 at 8:31 AM, James Burton via dev-security-policy
> <dev-security-policy@lists.mozilla.org> wrote:
> > Approximate date of retirement of RSA-2048?
>
> This is a very broad question, as you don't specify the usage.  If you
> look at the US National Institute of Standards and Technology's SP
> 800-57 part 1 rev 4
> (http://nvlpubs.nist.gov/nistpubs/SpecialPublications/
> NIST.SP.800-57pt1r4.pdf),
> they discuss the difference between "applying" and "processing".
> Applying would usually be either encrypting or signing and processing
> would usually be decrypting or verifying.
>
> Given that RSA is used by Mozilla products for signing long term data
> (intermediate CA certificates, for example), encrypting data (for
> example, encrypting email), as part of key exchange (in TLS), and for
> signing for instant authentication (signature during a TLS handshake),
> the appropriate retirement date may vary.
>
> That being said, the NIST publication above uses the assumption that
> RSA with a 2048-bit modulus, where the two factors are each 1024-bit
> long prime numbers, provides approximately 112-bits of strength.
> Later on it states that 112-bits of strength is acceptable until 2030.
>
> The German Federal Office for Information Security (BSI) reportedly
> recommends using a modulus length of at least 3000 bits starting in
> 2023 [1].
>
> Does that help answer your question?
>
> Thanks,
> Peter
>
> [1] My German is very poor.  If yours is better than mine, you can
> read the original doc from the BSI at
> https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/
> TechnischeRichtlinien/TR02102/BSI-TR-02102.pdf?__blob=publicationFile
> and confirm that Google Translate did not cause me to misunderstand
> the recommendation
> ___
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
>
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Re: Retirement of RSA-2048

2018-01-20 Thread Peter Bowen via dev-security-policy 
On Sat, Jan 20, 2018 at 8:31 AM, James Burton via dev-security-policy
<dev-security-policy@lists.mozilla.org> wrote:
> Approximate date of retirement of RSA-2048?

This is a very broad question, as you don't specify the usage.  If you
look at the US National Institute of Standards and Technology's SP
800-57 part 1 rev 4
(http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf),
they discuss the difference between "applying" and "processing".
Applying would usually be either encrypting or signing and processing
would usually be decrypting or verifying.

Given that RSA is used by Mozilla products for signing long term data
(intermediate CA certificates, for example), encrypting data (for
example, encrypting email), as part of key exchange (in TLS), and for
signing for instant authentication (signature during a TLS handshake),
the appropriate retirement date may vary.

That being said, the NIST publication above uses the assumption that
RSA with a 2048-bit modulus, where the two factors are each 1024-bit
long prime numbers, provides approximately 112-bits of strength.
Later on it states that 112-bits of strength is acceptable until 2030.

The German Federal Office for Information Security (BSI) reportedly
recommends using a modulus length of at least 3000 bits starting in
2023 [1].

Does that help answer your question?

Thanks,
Peter

[1] My German is very poor.  If yours is better than mine, you can
read the original doc from the BSI at
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102.pdf?__blob=publicationFile
and confirm that Google Translate did not cause me to misunderstand
the recommendation
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Retirement of RSA-2048

2018-01-20 Thread James Burton via dev-security-policy 
Approximate date of retirement of RSA-2048?
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy