On Thu, Jun 17, 2010 at 8:10 PM, Dave Thompson <dthomp...@prinpay.com> wrote:
There should be no technical problem signing a child cert with a different keylength, or algorithm. It's even fairly common for a child cert to have a smaller/weaker key than the CA. It's somewhat silly for the child to be larger/stronger, because you get no benefit: your authentication could be compromised (about) as effectively by breaking *either* level. But at least for a few years yet, the difference between 1k and 2k discrete (i.e. RSA or DSA, not ECDSA) is only theoretical. And you could be ready for multiple or future CAs some of which are stronger.
The NIST recommends after December 31, 2010, that all RSA keys be 2048-bit or larger. Mozilla will make changes to its NSS product to support this, according to what I've heard over on the Mozilla dev.security.policy list. -Kyle H
smime.p7s
Description: S/MIME Cryptographic Signature
