Did you shoot video of the HSM destruction? Please put it on YouTube
But your certificate for "CN = mail.google.com" on https://gmail.com has certificate with 256 bits key. Why so?
Thanks really awesome article I really like it and also I will share with my friends thanksServer Colocation
While I am pleased to see a move to RSA2048, use of Elliptic Curve keys and use of relatively short term certificates for user and issuing CA. I am howvere disappointed that you still have:- SHA1 as your hashing algorithm in the subject certificate;- SHA1 in the entire chain within your issuing CA and the GeoTrust root and;- the fact that you have not moved your CA to be signed by a root that is of a greater cryptographic strength, such as RSA 3084 or RSA 4096.Hopefully with your next update you can look at strengthening your posture that extra step.
Post a Comment