Perspectives-Server

Increase notary key size

Open daveschaefer opened this issue 11 years ago • 1 comments

SSL Labs' "TLS Deployment Best Practices" doc suggests using a minimum of 2048-bit RSA keys, or ECDSA keys for longer lengths. We should increase notary key sizes.

This will require testing to see if it takes noticeably longer to calculate data for sites. We could always implement a background script that calculates site XML after a scan has completed, similar to server version 2.

daveschaefer, Jan 24 '14 07:01

The smoothest way to upgrade existing notary keys may be to extract notary info into an XML file, as mentioned here - https://github.com/danwent/Perspectives/issues/97 . The notary could then use multiple keys in an overlapping time period, to give clients time to switch to the new one before removing the old.

daveschaefer, Jan 24 '14 07:01
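The overlapping-key rollover suggested in the comment above, sketched with the `openssl` CLI as an added example (not code from Perspectives-Server or its author). The key names, the 1024-bit size of the "old" key, the SHA-256 digest and the sample reply are all assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: a client trusts two notary keys during an overlap window,
# then drops the old one. All names and sizes here are constructed.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Generate an RSA key pair: $1 = key name, $2 = size in bits.
gen_key() {
    openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:$2" \
        -out "$WORK/$1.pem" 2>/dev/null
    openssl pkey -in "$WORK/$1.pem" -pubout -out "$WORK/$1.pub"
}

# Notary side: sign a reply. $1 = key name, $2 = reply file, $3 = signature file.
sign_reply() {
    openssl dgst -sha256 -sign "$WORK/$1.pem" -out "$3" "$2"
}

# Client side: accept the reply if any trusted public key verifies it.
# $1 = reply file, $2 = signature file, $3... = trusted key names.
# Prints the matching key name; returns non-zero when no trusted key matches.
verify_reply() {
    reply=$1; sig=$2; shift 2
    for name in "$@"; do
        if openssl dgst -sha256 -verify "$WORK/$name.pub" \
                -signature "$sig" "$reply" >/dev/null 2>&1; then
            echo "$name"
            return 0
        fi
    done
    return 1
}

gen_key old 1024   # assumed size of the key being retired
gen_key new 2048   # minimum size the issue asks for
printf 'constructed notary reply for example.test:443\n' > "$WORK/reply.xml"
sign_reply old "$WORK/reply.xml" "$WORK/old.sig"
sign_reply new "$WORK/reply.xml" "$WORK/new.sig"

# Overlap window: the client trusts both keys, so either signature is accepted.
echo "overlap, old-signed reply verified by: $(verify_reply "$WORK/reply.xml" "$WORK/old.sig" old new)"
echo "overlap, new-signed reply verified by: $(verify_reply "$WORK/reply.xml" "$WORK/new.sig" old new)"

# After the old key is retired, replies still signed with it are rejected.
verify_reply "$WORK/reply.xml" "$WORK/old.sig" new \
    || echo "after retirement, old-signed reply: rejected"
```

The notary can only stop signing with the old key once clients have the new public key in their trusted set, which is what the overlap period buys.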