Probably im lost in the translation. Some of our users still have 1024 RSA certificates which they use for HTTPS client auth or signing documents.
Are you suggesting to stop supporting/allowing this certificates? If yes, i supose you will change low level to 2048 on <keygen>, isnt it? On Sun, Dec 15, 2013 at 1:42 PM, Kurt Roeckx <k...@roeckx.be> wrote: > On Sat, Dec 14, 2013 at 06:28:54PM -0800, Brian Smith wrote: > > > > - Only 2048 bit public, 128 bit symmetric, 256 bit elliptic, or > > > better. > > > > > > > Approximately 1.5% of Fx26 full handshakes that use RSA certs use keys > > smaller than 2048 bits. So, enforcing the 2048 bit limit is not going to > be > > a simple thing to do for a while, even though we want to do it soon. > > SSL-pulse stats for 1024 bit keys (the rest is 2048 or 4096) > - june: 5.4% (-0.7%) > - july: 4.7% (-0.7%) > - august: 4.1% (-0.6%) > - september: 3.3% (-0.8%) > - october: 2.2% (-1.1%) > - november: 1.7% (-0.5%) > - december: 1.3% (-0.4%) > -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
