
Retirement date scheduled for 1024 bit RSA

One feature of the CABForum Extended Validation guidelines that maybe should have attracted more attention than it has is the signing key length requirement. 1024 bit keys are only permitted in certificates issued up to 31 December 2010. A minimum RSA key length of 2048 bits is required after that date.


The transition to longer key lengths has been a long time in the making; by the time it finally happens, it will be more than a decade since the first 2048 bit roots were distributed. Clearly the transition will not be total even then, as the restriction will only apply to EV certificates.


The length of time taken to make the change illustrates one of the reasons why cryptographic protocol designers are so conservative in their original choices of cryptographic algorithms and key strengths. It's like trying to change course in a mile-long supertanker. There is a lot of inertia.


From the user's perspective the change should not have a huge impact. Even bargain PCs can perform many hundred RSA 2048 operations in a second today. The impact on servers may be somewhat more significant but even here the cost of SSL acceleration hardware is much less than in the past.

Disclaimer: Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of VeriSign.
