RSA key length support for generateCertificate

As shown by
https://wpt.fyi/results/webrtc/RTCPeerConnection-generateCertificate.html?label=experimental&label=master&aligned
all browsers support 1024 and 2048 bits (which is [required](https://w3c.github.io/webrtc-pc/#methods-3)).
Chrome supports up to 8192 bits (which take about 60 seconds to generate so WPT tests for that were too flaky). Firefox supports values above that even.

1024 bits RSA keys have been considered weak for a while now:
* [Mozilla, 2014](https://blog.mozilla.org/security/2014/09/08/phasing-out-certificates-with-1024-bit-rsa-keys/)
* [Microsoft, since 2012](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/tls-server-authentication-deprecation-of-weak-rsa-certificates/ba-p/4134028)

Can we agree that the minimum key length should be 2048? @alvestrand said 1024 is virtually unused in Chromium so can be safely removed.

Given that ECDSA has been the default in Chromium-based browsers ([2016](https://groups.google.com/g/discuss-webrtc/c/bDfxOA8XiJI/m/XlmleoPOBgAJ)) it might be time to deprecate RSA alltogether.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

RSA key length support for generateCertificate #3057

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

RSA key length support for generateCertificate #3057

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions