ADVANCE WARNING: Google moving to 2048-bit SSL and root keys
Via PRIVACY Forum: ----- Forwarded Message -----
From: "PRIVACY Forum mailing list" <privacy@vortex.com>
Google moving to longer SSL keys
http://j.mp/10YAWaC (Google Online Security Blog)
"This encryption needs to be updated at times to make it even stronger, so this year our SSL services will undergo a series of certificate upgrades-specifically, all of our SSL certificates will be upgraded to 2048-bit keys by the end of 2013. We will begin switching to the new 2048-bit certificates on August 1st, to ensure adequate time for a careful rollout before the end of the year. We're also going to change the root certificate that signs all of our SSL certificates because it has a 1024-bit key."
- - -
I will note, however, that given the fundamental weaknesses in the PKI -- especially relating to certificate authorities in general -- even longer keys will not solve intrinsic problems that must be faced.
--Lauren-- Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren _______________________________________________ privacy mailing list http://lists.vortex.com/mailman/listinfo/privacy
Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
On 5/24/13, Jay Ashworth <jra@baylink.com> wrote: Hm.. this might be no big deal if not for public key pinning and CA pinning in modern browsers of certain sites, they could just get themselves 2048 bit certificates from any CA... So what could otherwise be a routine certificate change, may have some unusual extra baggage attached to it -- requiring end users performing software code update in their only slightly outdated browsers, instead of just switching certificates, so they stop getting big red SSL errors when trying to perform searches via Google...
Via PRIVACY Forum:
----- Forwarded Message -----
From: "PRIVACY Forum mailing list" <privacy@vortex.com>
Google moving to longer SSL keys
http://j.mp/10YAWaC (Google Online Security Blog)
-- -JH
From what it looks like, I'd assume they'll be sticking with a CA that has a 2048 bit certificate as well.
Seems they also put a sandbox for testing together. That being said, they won't confirm or deny whether or not they'll be using the same CA as they have in the sandbox... https://cert-test.sandbox.google.com/ On Fri, May 24, 2013 at 9:34 PM, Jimmy Hess <mysidia@gmail.com> wrote:
On 5/24/13, Jay Ashworth <jra@baylink.com> wrote:
Hm.. this might be no big deal if not for public key pinning and CA pinning in modern browsers of certain sites, they could just get themselves 2048 bit certificates from any CA...
So what could otherwise be a routine certificate change, may have some unusual extra baggage attached to it -- requiring end users performing software code update in their only slightly outdated browsers, instead of just switching certificates, so they stop getting big red SSL errors when trying to perform searches via Google...
Via PRIVACY Forum:
----- Forwarded Message -----
From: "PRIVACY Forum mailing list" <privacy@vortex.com>
Google moving to longer SSL keys
http://j.mp/10YAWaC (Google Online Security Blog)
-- -JH
-- Ryan Gard
participants (3)
-
Jay Ashworth
-
Jimmy Hess
-
Ryan Gard