Moving to 2048-bit Keys
In the last few months, I have been reading blog posts (e.g., Google and Evernote) about certificate subscribers changing their keys from 1024-bit to 2048-bit RSA. I suppose congratulations may be in order. But, on the other hand, what’s been the delay?
- In 2005 and 2007, the U.S. National Institute of Standards and Technology (NIST) recommended through special report SP 800-57 that subscribers move from 1024-bit to 2048-bit RSA by 2010
- Adobe, Microsoft and Mozilla issued root certificate policies supporting the NIST recommendations
- CA/Browser Forum issued the EV guidelines so that EV SSL certificates could not have 1024-bit keys past 2010
- Responsible certification authorities (CAs) respected the Microsoft and Mozilla root certificate policies to move their subscribers from 1024-bit to 2048-bit keys
- In 2011, NIST updated its policy and issued special publication SP 800-131A to allow for a three-year transition period from 1024-bit to 2048-bit keys. The transition period will end December 31, 2013.
- Microsoft and Mozilla updated their root certificate policies per the new NIST recommendations
- CA/Browser Forum did not change their requirements for EV certificates, but did release the SSL Baseline Requirements using the new recommendations from NIST
- CAs adjusted their certificate policies to meet the new guidance
As we move forward, we will see that CAs will no longer offer certificates with keys less than 2048 bits. There are some 1024-bit key certificates that were issued and expire after 2013. In these cases, some CAs will force the subscribers to re-issue their certificates with 2048-bit keys, while others will let the certificates expire and renew at 2048-bit keys. It is arguable that either approach is legitimate as there does not appear to be an immediate risk to 1024-bit keys.
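For anyone auditing their own inventory against that 2048-bit floor, the key size is readable straight out of the certificate's public key. The following is an added example, not code from the original post: a minimal DER parser that takes a SubjectPublicKeyInfo (the public-key structure inside an X.509 certificate, and what `openssl x509 -pubkey -noout` prints between the PEM markers) and reports the RSA modulus length. The inputs it is run on are constructed, syntactically valid keys whose modulus is a dummy number, not a real key; the `MIN_BITS` threshold is the NIST SP 800-57 / SP 800-131A minimum the post describes.

```python
"""Audit RSA public keys against the 2048-bit minimum (added example)."""
import base64

MIN_BITS = 2048  # NIST SP 800-57 / SP 800-131A minimum after the 2013 transition
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption


def _read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus_bits(spki_der):
    """Return the RSA modulus size in bits from a DER SubjectPublicKeyInfo."""
    tag, body, _ = _read_tlv(spki_der, 0)             # SubjectPublicKeyInfo SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, alg, pos = _read_tlv(body, 0)                  # AlgorithmIdentifier SEQUENCE
    _, oid, _ = _read_tlv(alg, 0)                     # algorithm OID
    if oid != RSA_OID:
        raise ValueError("not an rsaEncryption key")
    _, bitstr, _ = _read_tlv(body, pos)               # BIT STRING; first byte = unused bits
    _, rsapub, _ = _read_tlv(bitstr[1:], 0)           # RSAPublicKey SEQUENCE
    _, modulus, _ = _read_tlv(rsapub, 0)              # INTEGER n
    return int.from_bytes(modulus, "big").bit_length()


def key_meets_minimum(spki_der, min_bits=MIN_BITS):
    """True when the key's modulus is at least min_bits long."""
    return rsa_modulus_bits(spki_der) >= min_bits


def pem_to_der(pem):
    """Strip PEM armour and base64-decode the DER body."""
    lines = [l for l in pem.strip().splitlines() if not l.startswith("-----")]
    return base64.b64decode("".join(lines))


def der_to_pem(der):
    """Wrap DER in PUBLIC KEY PEM armour (64-column lines)."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN PUBLIC KEY-----\n" + body + "\n-----END PUBLIC KEY-----\n"


# --- constructed test inputs (not real keys) ---------------------------------

def _encode_tlv(tag, value):
    """Encode one DER TLV with definite length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def _encode_int(n):
    """DER INTEGER: big-endian, with a leading 0x00 if the top bit is set."""
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if b[0] & 0x80:
        b = b"\x00" + b
    return _encode_tlv(0x02, b)


def build_test_spki(bits):
    """Build a syntactically valid rsaEncryption SPKI whose modulus is a dummy
    odd number of exactly `bits` bits (not a product of two primes; it only
    exercises the parser)."""
    n = (1 << (bits - 1)) | 1
    rsapub = _encode_tlv(0x30, _encode_int(n) + _encode_int(65537))
    alg = _encode_tlv(0x30, _encode_tlv(0x06, RSA_OID) + b"\x05\x00")  # NULL params
    return _encode_tlv(0x30, alg + _encode_tlv(0x03, b"\x00" + rsapub))


if __name__ == "__main__":
    for bits in (1024, 2048, 4096):
        der = build_test_spki(bits)
        verdict = "OK" if key_meets_minimum(der) else "BELOW MINIMUM, re-key"
        print(f"{rsa_modulus_bits(der)}-bit RSA: {verdict}")
```

On a real certificate, feed `pem_to_der()` the output of `openssl x509 -in cert.pem -pubkey -noout`; a key that fails `key_meets_minimum()` is one of the sub-2048-bit certificates the post describes and should be reissued rather than left to expire.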
So, I would like to congratulate the EV SSL subscribers who, back in 2010, actually took the initiative to move to 2048-bit keys. I also would like to congratulate the small website operators that moved to 2048-bit keys in 2011 and 2012.
You know what though? I still wonder why we’re hearing from large companies — ahem, Google and the like — with their announcements of change, especially since the deadline is so close. Shouldn’t this have been an initiative they drove from the beginning as industry leaders? It seems this should have just happened two or three years ago — without blogs, news releases and public fanfare.