ADVANCE WARNING: Google moving to 2048-bit SSL and root keys
Ryan Gard
ryangard at gmail.com
Sat May 25 06:37:00 UTC 2013
>From what it looks like, I'd assume they'll be sticking with a CA that has
a 2048 bit certificate as well.
Seems they also put a sandbox for testing together. That being said, they
won't confirm or deny whether or not they'll be using the same CA as they
have in the sandbox...
https://cert-test.sandbox.google.com/
On Fri, May 24, 2013 at 9:34 PM, Jimmy Hess <mysidia at gmail.com> wrote:
> On 5/24/13, Jay Ashworth <jra at baylink.com> wrote:
>
>
> Hm.. this might be no big deal if not for public key pinning and CA
> pinning in modern browsers of certain sites, they could just get
> themselves 2048 bit certificates from any CA...
>
> So what could otherwise be a routine certificate change, may have some
> unusual extra baggage attached to it -- requiring end users performing
> software code update in their only slightly outdated browsers,
> instead of just switching certificates, so they stop getting big red
> SSL errors when trying to perform searches via Google...
>
>
> > Via PRIVACY Forum:
> >
> > ----- Forwarded Message -----
> >> From: "PRIVACY Forum mailing list" <privacy at vortex.com>
> >
> >> Google moving to longer SSL keys
> >>
> >> http://j.mp/10YAWaC (Google Online Security Blog)
>
> --
> -JH
>
>
--
Ryan Gard
More information about the NANOG
mailing list