Charlie Lenahan wrote:
George Adams wrote:

1) Why isn't everyone using stronger public/private key pairs?
Nobody who seems to offer SSL certs (Verisign, Thawte, GoDaddy,
Comodo) tells their customers to generate 2048-bit keys with
OpenSSL. Obviously they're not worried - why not?

The question reflects the common perception that certifications from
today's commercial certification authorities have some lasting value,
that the lock icon on the browser has some enduring meaning. It really
doesn't. Before we go stressing key lengths we ought to turn our
attention to that word "authority."

We covered this a couple of months ago:
http://marc.theaimsgroup.com/?l=openssl-users&m=115056999932388&w=2
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org