Google to replace SSL certificates
Google will update its certificate infrastructure and has, as a precaution, warned of potential problems. Starting in August, the company will replace its SSL certificates to implement new, longer keys. The change will also affect the root certificate that Google uses to sign all its own certificates.
The company's overall aim is to replace the 1024-bit RSA keys that are still in use with 2048-bit keys. The US NIST, the leading authority on crypto security whose recommendations are binding for US government agencies, recommends that RSA keys with a length of less than 2048 bits should cease to be used by the end of 2013. However, this is only intended as a precautionary measure. Although RSA-768 was cracked in 2010, the institute said that it anticipates that 1024-bit keys won't be cracked before 2016.
While such a switch shouldn't really cause any serious problems, special techniques that check certain certificate characteristics when verifying a certificate's validity could suddenly trigger alerts. Therefore, Google has released an FAQ and comprehensive certificate usage instructions for developers.
(djwm)