[Ach] Proposing RSA keylengths

Pepi Zawodsky pepi.zawodsky at maclemon.at
Tue Nov 5 16:57:06 CET 2013

On Keylengths I'd go with this recommendation:

< 2048 bits deprecated and should be replaced asap.
248 bits as the bare minimum with a recommendation to move to 4096 bit keys.
4096 bits as real world recommendation.

Longer keys only with caution for real world use, since many browsers seem to break on 8k RSA keys. (As demonstrated on 2013-11-04)
I rechecked and Safari 7, Chromium 30, Opera Next 18 (All webkit Browsers) which could not connect successfully and deliver a bogus message about invalid certificates and fail to even display the certificate at all.

Firefox 24/25, elinks 0.11.7 and lynx 2.8.7 could indeed connect correctly.
Server side is nginx 1.4.6.

Calomel SSL Inspection in Firefox gives a lot of ambivalent stuff about this connection.

Whereas Firefox itself gives me these details:

iOS 7 complains about an untrusted certificate and then goes into a loop unless you cancel.

Regarding ECC I guess we have multiple problems. Not only the keylength to recommend, (strong) IF we do recommend using ECC at all, but also the curves to use. My understanding from yesterday's meeting (2013-11-04) was to not recommend ECC use at all. Maybe give a recommendation on how to use it if one decides to insist on ECC (for the moment).

Do you second or disagree with my opinion on RSA keylength recommendations?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20131105/1711b9f4/attachment.sig>

More information about the Ach mailing list