Authorities will stop supporting 1024-bit RSA certificates for both SSL and code signing by the end of this year (2013). Any Symantec customers with certificates expiring this year (2013) will need to renew by generating a Certificate Signing Request (CSR) of 2048 bits or higher. Any Symantec customers with certificates expiring in 2014 or later will need to replace and upgrade all 1024-bit certificates with 2048-bit RSA/DSA or 256-bit ECC certificates by 1st October 2013. All existing 1024-bit certificates will be discontinued industry-wide in the new year (2014). This is in compliance with NIST Special Publication 800-131A. You can read more about the changes here: http://www.symantec.com/connect/blogs/what-you-need-know-migrate-1024-bit-2048-bit-encryption
1024-Bit Migration Informational Webinar
Andrew Horbury
Product Marketing Manager
http://go.symantec.com/1024
The Topic
• The National Institute of Standards and Technology (NIST) Special Publication 800-131A calls for the end of 1024-bit certificate usage by 31 December 2013 [2]
• The Certification Authority/Browser (CA/B) Forum requires the end-of-life for all 1024-bit certificates and code signing products by 31 December 2013 [1]
• Symantec fully supports the NIST and CA/B Forum positions: staying ahead of encryption factoring is the duty of every responsible CA [3]
1024-Bit Migration Webinar
1. CA/Browser Forum, Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates v.1.1.3, CA/Browser Forum (21 February 2013), https://www.cabforum.org/Baseline_Requirements_V1_1_3.pdf.
2. Elaine Barker and Allen Roginsky, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, NIST (January 2011), http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf.
3. Symantec, 2013 Industry Requirements: Ending Support for 1024-bit keys. Upgrade to 2048-bit keys or ECC Certificates, Symantec Corporation (May 2013), http://go.symantec.com/1024.
Microsoft, Windows Root Certificate Program - Technical Requirements, Microsoft Corporation (6 April 2011), http://social.technet.microsoft.com/wiki/contents/articles/1760.windows-root-certificate-program-technical-requirements.aspx.
Mozilla, Mozilla CA Certificate Maintenance Policy (Version 2.1), Mozilla (8 May 2013), http://www.mozilla.org/projects/security/certs/policy/MaintenancePolicy.html.
The RSA Algorithm
• First publicly described by Ron Rivest, Adi Shamir, and Len Adleman in 1977
• Since 1991, 17 RSA key lengths have been factored (hacked)
Ending the life of a key size is a natural point in the lifecycle of any algorithm.
RSA Key Sizes Factored Over Time
• Aug 1999: 512
• Dec 2003: 576
• Nov 2005: 640
• Dec 2009: 768
• July 2012: 704
• ?: 1024
Our Responsibility – to the industry, to trust online, and to you
• We want to assist you through this key size’s lifecycle end
• What you need to know: http://go.symantec.com/1024
• We have a number of resources to support you through this key size’s lifecycle end
• Ready now: http://go.symantec.com/1024
• For certificates expiring this year:
  – Symantec will allow them to expire naturally
  – Get help with generating a new Certificate Signing Request (CSR) at http://go.symantec.com/1024
• For certificates expiring in 2014 and later:
  – Symantec is initiating a rolling revocation process, beginning 1 October 2013
  – Helps customers adopt new encryption levels before year-end IT blackout periods and busy holiday online shopping
Generate a new CSR
This page has every tool you need to generate a new CSR for a compliant certificate.
Our Responsibility – to the industry, to trust online, and to you
Keeping It Simple
Certificate expires: 2013
Generate a new Certificate Signing Request with a valid key length before/when your certificate expires.
Certificate expires: 2014+
Revoke and replace your Certificate with a valid certificate before 1 October 2013.
Do Your Part
1. Find your 1024-bit certificates
  – Run a test on your fully qualified domain name (FQDN) to check for key length.
2. For certificates expiring this year:
  – At renewal, generate a CSR using a 2048-bit RSA key
3. For certificates expiring in 2014 and later:
  – Revoke and replace all 1024-bit certificates with a CSR using a 2048-bit RSA/DSA or 256-bit ECC key (Read more about ECC http://bit.ly/13dZQZn)
  – Symantec™ Managed PKI for SSL customers can configure 1024-bit certificates with a customized expiration date before the deadline
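The steps above can be carried out with the OpenSSL command line. This is an added example, not part of the original webinar; the helper names, the `legacy.example.test` hostname and the constructed 1024-bit test certificate are assumptions for illustration.

```shell
#!/bin/sh
# Added example: find weak keys and create a compliant CSR with the OpenSSL CLI.

# Key size in bits of a PEM certificate ("x509") or CSR ("req").
key_bits() {  # usage: key_bits x509|req FILE
    openssl "$1" -in "$2" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1
}

# Public key algorithm as OpenSSL prints it (rsaEncryption, id-ecPublicKey, ...).
key_alg() {  # usage: key_alg x509|req FILE
    openssl "$1" -in "$2" -noout -text |
        sed -n 's/.*Public Key Algorithm: *//p' | head -n 1
}

# Apply the minimums from the slides: 2048 bits for RSA/DSA, 256 bits for ECC.
check_key() {  # usage: check_key x509|req FILE -> prints OK or REPLACE
    bits=$(key_bits "$1" "$2"); alg=$(key_alg "$1" "$2")
    case "$alg" in id-ecPublicKey) min=256 ;; *) min=2048 ;; esac
    if [ "${bits:-0}" -ge "$min" ]; then echo "OK $alg $bits"
    else echo "REPLACE $alg $bits"; fi
}

# Save the leaf certificate a live server presents (needs network access).
fetch_cert() {  # usage: fetch_cert FQDN > server.pem
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# New 2048-bit RSA private key plus CSR for the given common name.
# -nodes leaves the key unencrypted, so umask 077 keeps it owner-readable only.
new_csr() {  # usage: new_csr FQDN OUTDIR
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
          -keyout "$2/$1.key" -out "$2/$1.csr" 2>/dev/null )
}

# Offline demo on a constructed 1024-bit self-signed certificate.
demo() {
    d=$(mktemp -d)
    openssl req -x509 -newkey rsa:1024 -nodes -days 1 \
        -subj "/CN=legacy.example.test" \
        -keyout "$d/old.key" -out "$d/old.pem" 2>/dev/null
    check_key x509 "$d/old.pem"
    new_csr legacy.example.test "$d" && check_key req "$d/legacy.example.test.csr"
    rm -rf "$d"
}
demo
```

For a live host, run `fetch_cert` with your FQDN, save the output to a file, and pass that file to `check_key x509`.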
Check your certificate’s encryption strength
Easily determine the key length of your certificates.
http://go.symantec.com/1024
Save This Screen
(Windows: “Alt-PrintScreen” or Mac: “Command-Shift-3”)
• http://go.symantec.com/1024
• http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
• http://www.cabforum.org/Baseline_Requirements_V1_1_3.pdf
• http://social.technet.microsoft.com/wiki/contents/articles/1760.windows-root-certificate-program-technical-requirements.aspx
• http://www.mozilla.org/projects/security/certs/policy/MaintenancePolicy.html
• http://www.symantec.com/page.jsp?id=how-ssl-works&tab=secTab4
• http://go.symantec.com/certificate-intelligence-center
Trust Center Account
United Kingdom: email: [email protected]: 0808 234 2897 or 0808 101 3911 (Cable and mobiles)
France: email: [email protected]: 0800 91 40 81
Spain: email: [email protected]: 900 99 4142
Germany: email: [email protected]: 0800 183 0624
Denmark: email: [email protected]: 80 88 20 30
Sweden: email: [email protected]: 020-799270
Managed PKI for SSL
United Kingdom: email: [email protected]: 0808 234 2897 or 0808 101 3911 (Cable and mobiles)
France: email: [email protected]: 0800 91 40 81
Spain: email: [email protected]: 900 99 4142
Germany: email: [email protected]: 0800 183 0624
Denmark: email: [email protected]: 80 88 20 30
Sweden: email: [email protected]: 020-799270
Thank you!
Copyright © 2013 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Andrew Horbury
http://go.symantec.com/1024