Following reports about NSA's efforts to defeat encryption, security experts believe that breaking 1024-bit SSL private keys is within the agency's ability given its financial resources and access to powerful computers.
Providers of popular Web services like Google, Facebook, Microsoft and Twitter are already using SSL certificates with 2048-bit keys and the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, a set of guidelines published by the Certification Authority/Browser (CAB) Forum, mandates that all newly issued SSL certificates with a validity period ending after Dec. 31 should use 2048-bit RSA keys.
However, cracking private keys using brute-force methods is not the only way to subvert encryption. An intelligence agency like the NSA could simply ask or coerce service providers to hand over their keys or they could break into servers and steal them. This would allow the decryption of all previously captured traffic.
To counter that, security experts recommend configuring SSL deployments to use key exchange algorithms that support a feature called perfect forward secrecy. The algorithms generate separate and temporary private keys for each individual session, making it impossible to decrypt previously captured traffic by obtaining a single key.
Such security considerations are just some of the factors that should guide a strategy for deploying TLS. There are also differences between using TLS with HTTP and using TLS with other application protocols, which can make things even more confusing for application developers, server administrators and other TLS implementers.
"The IETF at its best can bring together the best and the brightest and as a chair I hope that efforts like the Qualys SSL Labs, the XMPP Manifesto and others will join together to inform UTA," Johansson said.
Sign up for CIO Asia eNewsletters.