'Re: Folly of looking at CA cert lifetimes'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cryptography
Subject:    Re: Folly of looking at CA cert lifetimes
From:       Paul Hoffman <paul.hoffman () vpnc ! org>
Date:       2010-09-14 21:54:12
Message-ID: p06240893c8b59e795430 () [10 ! 20 ! 30 ! 158]
[Download RAW message or body]

At 5:33 PM -0400 9/14/10, Thor Lancelot Simon wrote:
> On Tue, Sep 14, 2010 at 08:14:59AM -0700, Paul Hoffman wrote:
> > At 10:57 AM -0400 9/14/10, Perry E. Metzger did not write, but passed on for \
> > someone else:
> > > This suggests to me that even if NIST is correct that 2048 bit RSA
> > > keys are the reasonable the minimum for new deployments after 2010,
> > > much shorter keys are appropriate for most server certificates that
> > > these CAs will sign.  The CA keys have lifetimes of 10 years or more;
> > > the server keys a a quarter to a fifth of that.
> > 
> > No, no, a hundred times no. (Well, about 250 times, or however many
> > CAs are in the current OS trust anchor piles.) The "lifetime" of a "CA
> > key" is exactly as long as the OS or browser vendor keeps that key,
> > usually in cert form, in its trust anchor pile. You should not
> > extrapolate *anything* from the contents of the CA cert except the key
> > itself and the proclaimed name associated with it.
> 
> I don't understand.  The original text seems to be talking about *server*
> certificate lifetimes, and how much shorter they are than CA cert
> lifetimes.  What does that have to do with "a thousand times no" about
> some proposition to do with CA cert lifetimes?
> 
> In other words, if CA key lifetimes are longer than indicated by their
> X.509 properties, it seems to me that just makes the quoted text about
> the relationship between server and CA key lifetimes even more true.

Ah, I see what you are saying, and what Perry's anonymous forwarder meant. That is, \
if the "CA keys have lifetimes of 10 years or more" means "because that's how long \
OSs and browsers leave them in the trust anchor pile", then it has nothing to do with \
the built-in notAfter dates in the server certificates.

--Paul Hoffman, Director
--VPN Consortium

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic