GlobalSign’s Strong 2048 Bit Root Fully Compliant With National Institute of Standards and Technology Recommendations for 2011
GlobalSign’s strong 2048 bit roots embedded sine 1998 presents the most ubiquitous and widely distributed roots for all major browsers and devices
Boston, MA – November 18th 2010 – GlobalSign (www.globalsign.com), one of the longest established Certificate Authorities (CA) and specialist in Digital Certificate security today announced the global adoption of recommendations made by the National Institute of Standards and Technology (NIST) in advisories 800-57 and 800-131 and the mandatory requirements of Microsoft’s Root Certificate Program (Technical Requirement Point 11). By the end of December 2010 all RSA based certificates issued from GlobalSign’s extensive portfolio of digital certificate lifecycle management systems will be a minimum of 2048 bits. GlobalSign has been proactively supporting 2048 bit certificates as best practice since early 1998 and welcomes the recommended advice and mandatory root program requirements.
Certificate Authorities are prohibited from issuing 1024 bit Certificates from January 1st 2011 under Microsoft root program requirements. This also follows the NIST advice to transition away from 1024 bit roots. Over the next few years 1024 bit roots and certificates could feasibly be with advances in factoring 1024 bit RSA primes allowing a successful MITM (Man in the Middle) attack to be orchestrated. Guidelines state that Certificate Authorities must stop issuing 1024 bit RSA intermediates and end-entity certificates by the end of 2010, as well as prevent issuance from 1024 bit roots and intermediates.
For over a decade, GlobalSign has helped its customer worldwide stay protected and benefit from the highest levels of security available by offering a stronger security level than the industry standard (2048 bit rather than 1024 bit). As one of the few Certificate Authorities to offer this level of security since 1998, GlobalSign is eager to see a higher security level adopted industry-wide to better serve and protect customers and their relying parties. GlobalSign customers will be able to benefit from a more ubiquitous and widely distributed root than any other vendor because our worldwide root embedding program has been in operation since 1998. Other Certificate Authorities who may have just started issuing certificates from newer 2048 bit roots may experience ubiquity issues and need to use a much larger certificate chain (two intermediates as a minimum), to make up for the fact that their 2048 bit roots do not have a wide distribution in multiple root embedment programs/platforms. This will force customers to require the installation of an additional cross certificate using the old 1024 bit root keys in order to allow those older browsers to recognize the new end entity SSL Certificate hosted on the web server.
“GlobalSign has always taken the security of its customers very seriously and this was demonstrated by its forward thinking decision to use a stronger 2048 bit offline root CA and issue end entity certificates intermediates well over a decade ahead of other Certificate Authorities” said Steve Roylance, Business Development Director, GlobalSign. “This presents us with the best ubiquity in the industry as our stronger, more secure 2048 bit root is more widely distributed than any other vendor out there.”
GlobalSign will be helping its customers meet NIST recommendations and maintain best practice security levels by ensuring a minimum acceptable level for Certificate Signing Requests (CSR) of 2048 bits or more. GlobalSign will aid customers to create strong 2048 bit keys during the Certificate application process by offering AutoCSR based Certificate generation process for any customers unable to create their own CSRs. By enabling this change, customers will benefit from a more secure environment and meet the recommended security levels
For more information regarding NIST recommendations visit http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-131
For more information regarding Microsoft’s Root Certificate Program visit http://technet.microsoft.com/en-us/library/cc751157.aspx#EHAA
For further information about the official launch of GlobalSign’s Website Passport, visit Stand 1020 for more details and a product demonstration.
About GMO GlobalSign
Established in 1996 and as a WebTrust accredited public certificate authority, GlobalSign offers publicly trusted SSL Certificates, EV SSL, Managed SSL Services, S/MIME email security and Code Signing for use on all platforms including mobile devices. Its Trusted Root solution uses the widely embedded GlobalSign Root CA certificates to provide immediate PKI trust for Microsoft Certificate Services and internal PKI, eliminating the costs of using untrusted Root Certificates. Its partnership with Adobe to provide Certified Document Services (CDS) enables secure digitally signed PDF documents, certified transcripts and e-invoices. These core Digital Certificate solutions allow its thousands of authenticated customers to conduct secure online transactions, data transfer, distribution of tamper-proof code, and protection of online identities for secure email and access control. The company has a history of innovation within the online security industry and has offices in the US, UK, Belgium, Japan, China and Singapore.
GMO Internet Group
GMO Internet Group is one of the most comprehensive providers of industry-leading Internet services worldwide. As well as domain registration, web hosting, ecommerce, and payment processing businesses that each hold the top share in their respective markets in Japan, services operated by the group include Internet advertising, search engine marketing and research. Global online security brand GlobalSign and major Japanese online securities brokerage, GMO CLICK Securities are also group members. In 2011 a new Social Media & Smartphone Platform segment was established bringing together group initiatives in social apps development, flash marketing and Android apps distribution. GMO Internet, Inc. (TSE: 9449) is headquartered in Tokyo, Japan. Please visit www.gmo.jp/en for more information.
For further details please contact:
Tel: +61 3-9988-3988