Google And Cloudflare Are Changing The Trust Infrastructure of the Internet: A Long Goodbye to RSA and a Hello to ECC and ECDSA


The RSA method was created by Rivest, Shamir and Adleman in 1978, and it is still used to encrypt and sign data. The core of trust on the Internet is PKI, where a Web site has a public key that has been signed by a trusted root provider. There is thus a chain of trust that takes us up to a root signer. This normally involves the public key being verified by an intermediary trust provider. If we look at Twitter’s public key, we see it has an intermediate signing from DigiCert TLS and then from a root provider of DigiCert Global Root CA:

In the case of Twitter, we see they have an RSA public key with a 2,048-bit modulus:

There is then a signature created with a SHA-256 hash and RSA signing. But, while RSA is the most commonly used method for providing public keys, there is growth in the usage of elliptic curves and ECDSA signing. Why…
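The following is an added example, not code from the original article: it uses the `openssl` CLI to create two throwaway self-signed certificates, one RSA-2048 and one ECDSA, and reads back the fields discussed above (public-key size and signature algorithm) along with the DER-encoded size. The subject `example.test`, the file names and the choice of the P-256 curve are assumptions made for the example.

```shell
# Constructed test certificates only; nothing here is a real site's certificate.
# Assumes the openssl CLI is installed. example.test is a placeholder subject.

# make_cert <rsa|ec> <dir>: write <dir>/<kind>.key and a self-signed <dir>/<kind>.crt
make_cert() {
  mc_kind="$1"; mc_dir="$2"
  case "$mc_kind" in
    rsa) set -- -newkey rsa:2048 ;;                               # 2,048-bit modulus
    ec)  set -- -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 ;; # P-256 (assumed curve)
    *)   echo "unknown key type: $mc_kind" >&2; return 1 ;;
  esac
  # -sha256 fixes the digest, so only the key type changes the signature algorithm
  openssl req -x509 -sha256 -nodes -days 1 -subj "/CN=example.test" "$@" \
    -keyout "$mc_dir/$mc_kind.key" -out "$mc_dir/$mc_kind.crt" 2>/dev/null
}

# cert_sig_alg <crt>: signature algorithm name, e.g. sha256WithRSAEncryption
cert_sig_alg() {
  openssl x509 -in "$1" -noout -text |
    sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# cert_key_bits <crt>: public-key size in bits, as reported by openssl
cert_key_bits() {
  openssl x509 -in "$1" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1
}

# cert_der_size <crt>: size in bytes of the DER-encoded certificate
cert_der_size() {
  openssl x509 -in "$1" -outform DER | wc -c | tr -d ' '
}

# compare_certs: build both certificates in a temp dir and print one line each
compare_certs() {
  cc_dir=$(mktemp -d) || return 1
  for cc_kind in rsa ec; do
    make_cert "$cc_kind" "$cc_dir" || { rm -rf "$cc_dir"; return 1; }
    cc_crt="$cc_dir/$cc_kind.crt"
    echo "$cc_kind: sig=$(cert_sig_alg "$cc_crt")" \
         "key_bits=$(cert_key_bits "$cc_crt") der_bytes=$(cert_der_size "$cc_crt")"
  done
  rm -rf "$cc_dir"
}

compare_certs
```

The same three reader functions work on any PEM certificate file, so they can be pointed at a certificate saved from a real site to see which key type and signature algorithm it uses.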


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.