why 3072-bit keys?

Wessel, Keith kwessel at
Wed May 31 11:13:12 EDT 2017

Thanks, Scott. I suspected this was primarily future-proofing things. The rationale in that enhancement you sent the link to makes sense.


-----Original Message-----
From: users [mailto:users-bounces at] On Behalf Of Cantor, Scott
Sent: Wednesday, May 31, 2017 10:09 AM
To: Shib Users <users at>
Subject: Re: why 3072-bit keys?

On 5/31/17, 11:01 AM, "users on behalf of Wessel, Keith" <users-bounces at on behalf of kwessel at> wrote:

> One of our developers was looking at yesterday, reproducing its functionality elsewhere, and he noticed that it
> generates 3072-bit keys for the SP. I would have expected a 2048-bit key size. Obviously, the 3072-bit keys are that much more
> secure, but I'd think once you get past 2048 bits, it becomes somewhat academic.

If we had a discussion about whether to increase the size, I don't remember it in detail, other than that it doesn't hurt anything, and eventually 2048 is doomed just like 1024.

-- Scott
