Educause Security Discussion mailing list archives
Thawte root change to 2048 bit cert and intermediate CA
From: "Flynn, Gary" <flynngn () JMU EDU>
Date: Tue, 25 May 2010 16:08:26 -0400
https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=AD221&actp=LIST&viewlocale=en_US If they're changing their root cert and adding an intermediate cert, won't all browsers and clients have to have those certs added to their stores for SSL certs signed by them to be trusted? I don't see a 2048 bit Thawte cert in the latest patched version of Internet Explorer. They have scheduled a presentation in June to describe the change coming in June. Given our experience with their presentation about the SPKI changes a few months ago and subsequent operational issues, I'm a bit anxious about this change even with their wording, "There is no action necessary on your part. Your current valid Certificates issued off our MD5, 1024 bit RSA Roots will continue to operate correctly and securely. There is no need to replace your existing Certificates. Thawte is providing this advance information to ensure a smooth transition. Also, this information will help you in making your IT investment decisions e.g. ask the vendors if they support 2048-bit RSA keys etc.". What about certs issued using their new root? Any thoughts?
Current thread:
- Thawte root change to 2048 bit cert and intermediate CA Flynn, Gary (May 25)
- <Possible follow-ups>
- Re: Thawte root change to 2048 bit cert and intermediate CA Jason Testart (May 25)
- Re: Thawte root change to 2048 bit cert and intermediate CA David A. Greenberg (May 26)
- Re: Thawte root change to 2048 bit cert and intermediate CA Russell Fulton (May 26)