PKI operators anyone?

Joe Maimon jmaimon at
Wed Sep 5 14:06:10 UTC 2007

MS-PRESS recommended design guidelines for multi-tier PKI systems for 
validity periods are along the lines of

8 years for the root
4 years for the "policy"
2 years for the "issuing"
1 year for the issued certificate

This is ostensibly due to fears of brute force cracking of the private 
keys over the root key's validity period.

Accompanied with this recommendation is one for key lengths of

4096 for the root
2048 for the policy
1024 for the issuing and for the issued.

I have found the downside to this: Constant renewals every single year 
of either minor or major impact.

While MS-AD pki client implementations seem to handle most of the 
(except for the root) resigning just fine, external implementation 
struggle with some details, such as "chaining up to the root" trusting 
(thereby only requiring them to trust the root cert) and such as 
trusting two different certs (for an issuing CA that gets resigned) but 
that have the same common name, hence loads of fun every 11 months or so.

I am about to recommend a re implementation along these lines

80 years for the root, 4096bit key
35 years for the policy, 4096bit key
15 years for the issuing, ?bit key
<=5 years for the issued certificates.

Good idea? Bad Idea? Comments? Are all pki client implementation in the 
wild 4096bit compatible?

Thanks in advance,


More information about the NANOG mailing list