At 9:45 PM -0700 5/29/08, Justin Dolske wrote: >Paul Hoffman wrote: > >> Unless Mozilla says "we are going to yank that particular Verisign >> certificate, and all the ones with similar key lengths, decades before >> they expire", there is absolutely no reason for us to, 20 years in >> advance, start requiring "new" CAs to use stronger keys. It is just not >> justified. > >I don't think it's nearly that black-and-white. Changing existing roots >is a high-cost, long-lead process; raising the bar on new roots is cheap >and fast. I don't understand why the two are incompatible, nor why >progress should be gated upon perfection.
See <http://en.wikipedia.org/wiki/Security_theater>. Adding strong locks to the front doors while the back doors still have weak locks is useless from a security standpoint. >Are new CAs objecting to the use of stronger certs? Probably not, but why is that relevant? Mallory will always attack the weakest part of the system. > > Proposal: >> [...] > >A three-phase migration might be a bit more orderly: > >1) short-term: raise bar on new CAs >2) mid-term: get existing CAs to switch to stronger roots >3) long-term: remove weak roots. > >#2 helps mitigate the impact of #3 on end-users, lest something force >the issue sooner than desired. I see no difference between your list and mine other than terminology. If a significant browser like Firefox says that in five years, all CA roots have to be 2048 bits, that fact will "get existing CAs to switch to stronger roots". BTW, 1024 bit roots are not "weak". Even a decade from now, it will be incredibly expensive to break a 1024 bit RSA key, and the payback for doing so on a CA root will be very low because it is relatively easy to revoke a broken root in popular browsers. I predict that it would cost Mallory much less to simply set up a CA today, go through the audits and so on, and then lay low until he wants to attack. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
