I would kindly like to ask everyone to stop discussing the pros and cons of that randomization technique. This post was about LE's roadmap for key sizes and the updated BSI regulations. The randomization technique tries to solve another problem, and if this randomization technique has undesired or impractical side effects for some people, please open a new discussion thread.
I am not sure what kind of "time" you are referring to: personnel expenditure on LE's side to implement the transition from 2048 to 3072 bits, or computational complexity every time a TLS server/client has to perform a calculation with the (larger) key?
With respect to personnel expenditure, I don't see that. It isn't as if there is a completely new feature to be developed or that something changes on the architectural level. The key size is supposed to be a parameter which only needs to be set to a new value. As of today it is already possible to obtain leaf certificates with 3072 bits without further ado.
With respect to enhanced requirements, there are those requirements by the German BSI. That is why I started this post in the first place.
I assume that you once again aim at the wording as "recommendations". As I already wrote in post #6, those recommendations are strict, unless you have very good reasons not to follow them and you have compensating measures in place (e.g. fixed industrial PLCs which cannot be updated, but everything is air-gapped on a closed network).
In Germany we have a saying, "where there is no plaintiff, there is no judge". Yes, the German BSI cannot enact laws, as the BSI is not a legislative body but part of the executive branch. However, BSI regulations are comparable to statutory ordinances. If something happens and someone sues you or presses charges against you (e.g. consider a data leak in violation of the GDPR), a judge will refer to BSI regulations as the lower barrier for state-of-the-art security measures.
Exactly, thank you. Basically any arguments like
are futile (at least for German users). All these kinds of arguments have already been made during the discussion of that BSI regulation. However, as always when there is a continuum of possible options (in this case key sizes), the final result will always be arbitrary. But this is intrinsic to that kind of regulation. There will always be good arguments for smaller key sizes, there will always be arguments for larger key sizes, but eventually one has to draw a line in the sand. And the BSI drew the line at 3000 bits.
Take speed limits for car traffic as another example. In most regions the speed limit within city limits is 50 km/h (or 30 mph in North America). That limit is also completely arbitrary, as can already be seen from the fact that some regions allow 60 km/h (~35 mph) and some others only 40 km/h (~25 mph). As long as nobody catches you and as long as nothing happens, going over the speed limit won't have any consequences. However, if one violates the speed limit and something happens (e.g. a car accident), then any argument along the lines that the speed limit didn't make sense, because the car had some extra safety measures, won't help you.
Having said that, let's summarize. My objectives for this thread were twofold:
- raising awareness on LE's side for the new BSI regulations, and
- asking about LE's future roadmap.
I believe both goals have been achieved. @mcpherrinm works for LE and is now aware of the new BSI regulations. I myself also got my answer that there are no such plans to increase RSA key size above 3000 bits. That puts German users in a difficult spot, but so be it. That's something German users have to deal with unless LE changes its position.