Q: Why is using larger keys better?
A: Precomputation attacks

"Adrian et al. estimate that, for a single 1024-bit prime, doing the NFS precomputation would take about 45 million years using a single core—or to put it more ominously, 1 year using 45 million cores. If you built special-purpose hardware, that could go down by almost two orders of magnitude, putting the monetary cost at a few hundred million dollars, completely within the reach of a sufficiently determined nation-state. Once the precomputation was done, and the terabytes of output stored in a data center somewhere, computing a particular discrete log would then take about 30 days using 1 core, or mere minutes using a supercomputer."

Read more from Scott Aaronson: http://www.scottaaronson.com/blog/?p=2293


Q: Why are certificate authorities bad?
A: By relying on certificate authorities, we are centralizing all encrypted communications and forced to trust 3rd party corporations that are motivated by profit and can be coerced by governments

"But here's the thing: why did Geotrust just go ahead and revoke the certificates for all .PW domains without any warning? Why did they believe that this was the best course of action and why did they decide to put domains at risk? It is because of these questions that I cannot recommend using them as a certificate authority.

Geotrust has done a great job demonstrating the problem with certificate authorities: they're closed organizations that you cannot put any trust into."

Read more from Colin Keigher: http://colin.keigher.ca/2015/09/geotrustsymantec-has-revoked-all-ssl.html

A: They can just issue certificates for anything they want even if you never authorized it
On Friday, Google reported on its online security blog the faulty issuance of a certificate for google.com and www.google.com by Symantec, a prominent Certificate Authority. This misissuance is significant not only because it represents a breach in the core Internet trust mechanism; it was also the first of its kind with regards to the type of certificate issued (Extended Validation) as well as the mechanism by which the certificate was discovered (Certificate Transparency).

Read more from the EFF: https://www.eff.org/deeplinks/2015/09/symantec-issues-rogue-ev-certificate-googlecom

A: In 2012, Trustwave issued a root certificate to some big company so they could monitor HTTPS traffic within their network
Somehow the two companies cooked up the following plan. Trustwave would generate a new 'subordinate root' certificate with full signing authority. Anyone who possessed the signing key for this cert would essentially be Trustwave -- meaning that they could vouch for any website they wanted. Of course, such a key would be enormously valuable (and dangerous). No responsible CA would allow such a thing to leave their facilities.

But apparently Trustwave's motto is 'think different'. So they cheerfully packed the signing key into a Hardware Security Module and sent it over to ACME. From that point on, ACME possessed the ability to transparently impersonate any SSL website on the Internet.

Read more at CryptographyEngineering
Blog post 1
Blog post 2



See also:
Edward Snowden
SSL
IRC
Mumble