ADVANCE WARNING: Google moving to 2048-bit SSL and root keys

Ryan Gard ryangard at gmail.com
Sat May 25 06:37:00 UTC 2013


>From what it looks like, I'd assume they'll be sticking with a CA that has
a 2048 bit certificate as well.

Seems they also put a sandbox for testing together. That being said, they
won't confirm or deny whether or not they'll be using the same CA as they
have in the sandbox...

https://cert-test.sandbox.google.com/


On Fri, May 24, 2013 at 9:34 PM, Jimmy Hess <mysidia at gmail.com> wrote:

> On 5/24/13, Jay Ashworth <jra at baylink.com> wrote:
>
>
> Hm..  this might be no big deal if not for public key pinning and CA
> pinning in modern browsers of certain sites,  they could just get
> themselves 2048 bit certificates from any CA...
>
> So what could otherwise be a routine certificate change, may have some
> unusual extra baggage attached to it -- requiring end users performing
> software code update in their only slightly outdated browsers,
> instead of just switching certificates,   so they stop getting big red
> SSL errors when trying to perform searches via Google...
>
>
> > Via PRIVACY Forum:
> >
> > ----- Forwarded Message -----
> >> From: "PRIVACY Forum mailing list" <privacy at vortex.com>
> >
> >> Google moving to longer SSL keys
> >>
> >> http://j.mp/10YAWaC (Google Online Security Blog)
>
> --
> -JH
>
>


-- 
Ryan Gard


More information about the NANOG mailing list