North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: PKI operators anyone?

  • From: Erik Amundson
  • Date: Wed Sep 05 11:01:16 2007

Validity periods aside, we have experimented quite a bit with putting
certs on everything we possibly can, and we've found that there are a
whole lot of products that can't handle root key sizes above 2048, some
can't even handle anything larger than 1024.

Included in the 'can't handle your root' list are several Cisco products
(some products can handle 2048, some 1024, some 4096), and many software
products that use an older Java version that has a max of 2048.

This has always raised the question: Why do software authors think to
implement PKI, but not think that key sizes will eventually grow over
time?  Seems very short-sighted to me.

I guess the option to choose for full interoperability is 1024 keys on
all certs, but that is at a sacrifice of security on your higher-level

- Erik Amundson

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of
Joe Maimon
Sent: Wednesday, September 05, 2007 9:06 AM
To: North American Networking and Offtopic Gripes List
Subject: PKI operators anyone?

MS-PRESS recommended design guidelines for multi-tier PKI systems for 
validity periods are along the lines of

8 years for the root
4 years for the "policy"
2 years for the "issuing"
1 year for the issued certificate

This is ostensibly due to fears of brute force cracking of the private 
keys over the root key's validity period.

Accompanied with this recommendation is one for key lengths of

4096 for the root
2048 for the policy
1024 for the issuing and for the issued.

I have found the downside to this: Constant renewals every single year 
of either minor or major impact.

While MS-AD pki client implementations seem to handle most of the 
(except for the root) resigning just fine, external implementation 
struggle with some details, such as "chaining up to the root" trusting 
(thereby only requiring them to trust the root cert) and such as 
trusting two different certs (for an issuing CA that gets resigned) but 
that have the same common name, hence loads of fun every 11 months or

I am about to recommend a re implementation along these lines

80 years for the root, 4096bit key
35 years for the policy, 4096bit key
15 years for the issuing, ?bit key
<=5 years for the issued certificates.

Good idea? Bad Idea? Comments? Are all pki client implementation in the 
wild 4096bit compatible?

Thanks in advance,