[Ach] Proposing RSA keylengths

Aaron Zauner azet at azet.org
Tue Nov 5 17:13:22 CET 2013

On 05 Nov 2013, at 16:57, Pepi Zawodsky <pepi.zawodsky at maclemon.at> wrote:

> On Keylengths I'd go with this recommendation:
> On RSA:
> < 2048 bits deprecated and should be replaced asap.
> 248 bits as the bare minimum with a recommendation to move to 4096 bit keys.
> 4096 bits as real world recommendation.
Thats what i generally deploy. The problem still being, 4096bit keys cause some overhead and for large hosting companies or frequently used websites this might very well not be acceptable. The current (FOSS & crypto) community recommendation regarding RSA keysizes is 2048bit. 

We could define this using RFC keywords

MUST NOT:	<2048bit RSA
SHOULD:	>2048bit RSA

> Firefox 24/25, elinks 0.11.7 and lynx 2.8.7 could indeed connect correctly.
> Server side is nginx 1.4.6.
> Calomel SSL Inspection in Firefox gives a lot of ambivalent stuff about this connection.
> https://mirror.maclemon.at/Calomel_on_atlas.png
> Whereas Firefox itself gives me these details:
> https://mirror.maclemon.at/Firefox25_on_atlas.png
Access Denied :(

> iOS 7 complains about an untrusted certificate and then goes into a loop unless you cancel.
> Regarding ECC I guess we have multiple problems. Not only the keylength to recommend, (strong) IF we do recommend using ECC at all, but also the curves to use. My understanding from yesterday's meeting (2013-11-04) was to not recommend ECC use at all. Maybe give a recommendation on how to use it if one decides to insist on ECC (for the moment).
> Do you second or disagree with my opinion on RSA keylength recommendations?
See above.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1091 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20131105/b28b3328/attachment.sig>

More information about the Ach mailing list