Existing S/MIME CAs using RSA keys less than 3072 bit

36 views
Skip to first unread message

Stephen Davidson

unread,
Mar 24, 2026, 1:52:08 PM (8 days ago) Mar 24
to smcwg-...@groups.cabforum.org

The attached shows the spread of validity periods for valid S/MIME subCAs in CCADB using RSA keys less than 3072 bit, as background for this discussion:


    *  Review of draft ballot requiring step up of new subCAs using RSA keys to 3072 bit or higher and eventual cease issuance on subCAs using RSA keys smaller than 3072.  https://github.com/cabforum/smime/compare/be9a18ab2b48eb0cbff41d3a268202f700c06c05...a90411aa2a7d2279692c21a35597a950cc9f37c7

 

Thanks to Ben Wilson for helping with the raw data.

 

Regards, Stephen

 

Stephen Davidson

A close up of a sign Description automatically generated

 

RSA_2048_subCA_expiry.pdf
Reply all
Reply to author
Forward
0 new messages