[146570] in cryptography@c2.net mail archive
Re: [Cryptography] Google's Public Key Size (was Re: NSA and
daemon@ATHENA.MIT.EDU (Andy Steingruebl)
Wed Sep 4 18:39:55 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <20130902220443.GA5738@jis.tzo.com>
Date: Wed, 4 Sep 2013 14:15:07 -0700
From: Andy Steingruebl <steingra@gmail.com>
To: "Jeffrey I. Schiller" <jis@mit.edu>
Cc: Jerry Leichter <leichter@lrw.com>,
"cryptography@metzdowd.com List" <cryptography@metzdowd.com>,
"Perry E. Metzger" <perry@piermont.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============6509896713935641195==
Content-Type: multipart/alternative; boundary=bcaec5215b07c3b77304e5954c8b
--bcaec5215b07c3b77304e5954c8b
Content-Type: text/plain; charset=ISO-8859-1
On Mon, Sep 2, 2013 at 3:04 PM, Jeffrey I. Schiller <jis@mit.edu> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Mon, Sep 02, 2013 at 03:09:31PM -0400, Jerry Leichter wrote:
> > Google recently switched to 2048 bit keys; hardly any other sites
> > have done so, and some older software even has trouble talking to
> > Google as a result.
>
> Btw. As a random side-note. Google switched to 2048 bit RSA keys on
> their search engine. However my connection to mail.google.com is using
> a NIST p256r1 ECC key in its certificate.
>
As of Jan-2014 CAs are forbidden from issuing/signing anything less than
2048 certs. Lots of people are acting now to get ahead of that.
EV's have been required to be 2048 for quite some time.
- Andy
--bcaec5215b07c3b77304e5954c8b
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><br><div class=3D"gmail_extra"><div class=3D"gmail_quote">=
On Mon, Sep 2, 2013 at 3:04 PM, Jeffrey I. Schiller <span dir=3D"ltr"><<=
a href=3D"mailto:jis@mit.edu" target=3D"_blank">jis@mit.edu</a>></span> =
wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
On Mon, Sep 02, 2013 at 03:09:31PM -0400, Jerry Leichter wrote:<br>
> Google recently switched to 2048 bit keys; hardly any other sites<br>
> have done so, and some older software even has trouble talking to<br>
> Google as a result.<br>
<br>
Btw. As a random side-note. Google switched to 2048 bit RSA keys on<br>
their search engine. However my connection to <a href=3D"http://mail.google=
.com" target=3D"_blank">mail.google.com</a> is using<br>
a NIST p256r1 ECC key in its certificate.<br></blockquote><div><br></div><d=
iv>As of Jan-2014 CAs are forbidden from issuing/signing anything less than=
2048 certs. =A0Lots of people are acting now to get ahead of that.</div>
<div>EV's have been required to be 2048 for quite some time.</div><div>=
<br></div><div>- Andy</div><div><br></div></div></div></div>
--bcaec5215b07c3b77304e5954c8b--
--===============6509896713935641195==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============6509896713935641195==--
