Top

GlobalSign 2048 Bit Root Fully Compliant With NIST Recommendations for 2011

November 19, 2010 by  

Web Hosting ServicesBoston, MA – GlobalSign, one of the longest established Certificate Authorities (CA) and specialist in Digital Certificate security today announced the global adoption of recommendations made by the National Institute of Standards and Technology (NIST) in advisories 800-57 and 800-131 and the mandatory requirements of Microsoft’s Root Certificate Program (Technical Requirement Point 11).  By the end of December 2010 all RSA based certificates issued from GlobalSign’s extensive portfolio of digital certificate lifecycle management systems will be a minimum of 2048 bits.  GlobalSign has been proactively supporting 2048 bit certificates as best practice since early 1998 and welcomes the recommended advice and mandatory root program requirements.

Certificate Authorities are prohibited from issuing 1024 bit Certificates from January 1st 2011 under Microsoft root program requirements. This also follows the NIST advice to transition away from 1024 bit roots. Over the next few years 1024 bit roots and certificates could feasibly be with advances in factoring 1024 bit RSA primes allowing a successful MITM (Man in the Middle) attack to be orchestrated. Guidelines state that Certificate Authorities must stop issuing 1024 bit RSA intermediates and end-entity certificates by the end of 2010, as well as prevent issuance from 1024 bit roots and intermediates.


For over a decade, GlobalSign has helped its customer worldwide stay protected and benefit from the highest levels of security available by offering a stronger security level than the industry standard (2048 bit rather than 1024 bit). As one of the few Certificate Authorities to offer this level of security since 1998, GlobalSign is eager to see a higher security level adopted industry-wide to better serve and protect customers and their relying parties. GlobalSign customers will be able to benefit from a more ubiquitous and widely distributed root than any other vendor because our worldwide root embedding program has been in operation since 1998. Other Certificate Authorities who may  have just started issuing certificates from newer 2048 bit roots may experience ubiquity issues and need to use a much larger certificate chain (two intermediates as a minimum), to make up for the fact that their 2048 bit roots do not have a wide distribution in multiple root embedment programs/platforms.  This will force customers to require the installation of an additional cross certificate using the old 1024 bit root keys in order to allow those older browsers to recognize the new end entity SSL Certificate hosted on the web server.

“GlobalSign has always taken the security of its customers very seriously and this was demonstrated by its forward thinking decision to use a stronger 2048 bit offline root CA and issue end entity certificates intermediates well over a decade ahead of other Certificate Authorities” said Steve Roylance, Business Development Director, GlobalSign.  “This presents us with the best ubiquity in the industry as our stronger, more secure 2048 bit root is more widely distributed than any other vendor out there.”

GlobalSign will be helping its customers meet NIST recommendations and maintain best practice security levels by ensuring a minimum acceptable level for Certificate Signing Requests (CSR) of 2048 bits or more. GlobalSign will aid customers to create strong 2048 bit keys during the Certificate application process by offering AutoCSR based Certificate generation process for any customers unable to create their own CSRs.  By enabling this change, customers will benefit from a more secure environment and meet the recommended security levels.

For more information regarding NIST recommendations visit http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-131

For more information regarding Microsoft’s Root Certificate Program visit http://technet.microsoft.com/en-us/library/cc751157.aspx#EHAA

About GlobalSign

Established in 1996 and as a WebTrust accredited public certificate authority, GlobalSign offers publicly trusted SSL, including EV SSL Certificates, S/MIME and Code Signing Certificates for use on all platforms including mobile devices. Its Trusted Root solution uses the widely distributed GlobalSign Root CA certificates to provide immediate PKI trust for Microsoft CA and enterprise CAs, eliminating the costs associated with using untrusted Root Certificates. Its partnership with Adobe to provide Certified Document Services (CDS) enables secure digitally signed PDF e-documents.  These core Digital Certificate solutions allow its thousands of customers to conduct secure online transactions and data transfer, distribute tamper-proof code, and bind identities to client certificates for email security and remote two factor authentication.  The company has a history of innovation within the online security market and has offices in the US, UK, Belgium, Japan, and China.

Receive alerts when your website goes offline. Sign-up for free site monitoring at UptimeSpy.com.

Be Sociable, Share!

Comments

Comments are closed.

Bottom