Primary eng (and PM) emails
Link to "Intent to Deprecate" thread
No deprecation thread. Browsers have required that all new RSA certificates valid after Dec 31 2013 be issued with key sizes of at least 2048 bits, first starting as a requirement in late 2011.
Summary
This concludes a half-decade-long migration away from weaker keys (those with RSA key sizes less than 2048 bits).
Certificates issued with such keys will be treated as if their key was weak, as is already done for key sizes less than 1024 bits (technically, 1023, due to CAs' inability to follow IETF drafts).
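As an added illustration (not part of the original intent post or of any browser's code), a standard-library Python check that computes an RSA key's size the way the policy above counts it, so a modulus whose top bit is clear is reported as 1023, not 1024, and applies both thresholds. The DER helpers and the sample moduli are constructed for the example and are not real keys.

```python
"""Classify RSA key sizes against the 1024-bit (existing) and 2048-bit (proposed) minimums."""

LEGACY_MIN_RSA_BITS = 1024   # already enforced: anything below is rejected as weak
BR_MIN_RSA_BITS = 2048       # Baseline Requirements minimum, now to be enforced


def _der_len(n):
    """DER length octets (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value):
    """DER INTEGER; the extra bit keeps the sign bit clear when the top bit is set."""
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_len(len(body)) + body


def der_rsa_public_key(modulus, exponent=65537):
    """RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    body = der_integer(modulus) + der_integer(exponent)
    return b"\x30" + _der_len(len(body)) + body


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus_bits(der):
    """Key size as the bit length of the modulus value, not of its encoding."""
    tag, seq, _ = _read_tlv(der, 0)
    assert tag == 0x30, "expected SEQUENCE"
    tag, mod, _ = _read_tlv(seq, 0)
    assert tag == 0x02, "expected INTEGER modulus"
    return int.from_bytes(mod, "big").bit_length()


def classify(der):
    bits = rsa_modulus_bits(der)
    if bits < LEGACY_MIN_RSA_BITS:
        return "reject: weak key (below 1024 bits)"
    if bits < BR_MIN_RSA_BITS:
        return "reject: weak key (below 2048 bits)"
    return "ok"


# Constructed moduli: odd numbers with a chosen bit length, not real RSA products.
KEY_2048 = der_rsa_public_key((1 << 2047) | 1)
KEY_1024 = der_rsa_public_key((1 << 1023) | 1)
KEY_1023 = der_rsa_public_key((1 << 1022) | 1)  # the "technically 1023" case
```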
Motivation
Browsers have been collaborating in the CA/Browser Forum to deprecate this practice for the past decade, with the first version of the Baseline Requirements (late 2011) fully forbidding certificates from being valid after 12-31-2013 with RSA key sizes less than 2048 bits.
Despite this, it still took several years to phase out the practice, particularly for intermediate certificates that needed to be rotated.
The risk in accepting a weak key size is that such a key is increasingly susceptible to factoring by motivated attackers, and falls below the threshold suitable for long-lived protection.
Compatibility Risk
Low. The Baseline Requirements have capped the practice since 2011.
Within the CA/Browser Forum itself, other UAs have given strong signals in favour of deprecating. However, to date, only Apple has expressed support for enforcing (via App Transport Security), although I suspect our Mozilla colleagues may be interested in moving forward as well.
Usage Information
The effect that this would have on the number of certificate validations is tracked by the CertificateType2 set of metrics, which are broken down by the BR effective date (2012-07-01), the type of certificate (leaf, intermediate, root) and the key algorithm being used. This proposal would only affect RSA keys.
From the BR-compliant set:
CertificateType2.BR.Leaf.RSA = 0.00%
CertificateType2.BR.Intermediate.RSA = 0.00%
CertificateType2.BR.Root.RSA = 0.03%
From the pre-BR set:
CertificateType2.NonBR.Leaf.RSA = 0.00%
CertificateType2.NonBR.Intermediate.RSA = 0.01%
CertificateType2.NonBR.Root.RSA = 0.22%
However, note that "NonBR" is measured by the leaf's validity period, not the roots'. Thus that 0.22% is "the set of certificates whose leaf cert is dated 2012-07-01 or earlier, and which is not expired" - meaning these certificates have been in use for nearly 5 years, which is well into the legacy that is also being deprecated (the BRs previously required 60 month validity - 5 years - presently require 39 month validity - 3.25 years - and we're working to reduce that significantly in the coming months).
OWP launch tracking bug
Entry on the feature dashboard
[Unclear whether this warrants one]