Comment 0 for bug 1461834

deutrino (deutrino) wrote :

1024-bit RSA was deprecated years ago by NIST[1], Microsoft[2] and more recently by others[3].

1024-bit signing keys are insufficient to guarantee the authenticity of software distributed from Launchpad.net. There should be a mechanism to refuse signing keys below a minimum key length based on key type. 1024-bit signing keys should be deprecated and removed from Launchpad.net itself ASAP.

1. http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
2. http://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx
3. https://threatpost.com/mozilla-1024-bit-cert-deprecation-leaves-107000-sites-untrusted/108114
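
One way the requested mechanism could work, as an added example that is not part of the original comment or Launchpad's code: it reads `gpg --with-colons` key listings and refuses any signing-capable primary key or subkey below a per-algorithm minimum. The 2048-bit floors, the fail-closed handling of unlisted algorithms, the sample listing and the name `check_signing_keys` are assumptions made for illustration.

```python
# Minimum accepted size per OpenPGP public-key algorithm ID (1 = RSA, 17 = DSA).
# The 2048-bit floors are assumptions for this example, not Launchpad policy.
MIN_BITS = {"1": ("RSA", 2048), "17": ("DSA", 2048)}

# Constructed `gpg --with-colons --list-keys` output; key IDs are made up.
SAMPLE_LISTING = """\
pub:-:1024:17:1111111111111111:1104537600:::-:::scESC:
sub:-:2048:16:2222222222222222:1104537600::::::e:
pub:-:4096:1:3333333333333333:1420070400:::-:::cSC:
sub:-:1024:1:4444444444444444:1420070400::::::s:
sub:-:4096:1:5555555555555555:1420070400::::::e:
pub:-:2048:1:6666666666666666:1420070400:::-:::scESC:
"""


def check_signing_keys(listing):
    """Return (accepted, rejected) as lists of (key_id, reason) tuples.

    Every primary key or subkey that can sign is checked against MIN_BITS.
    Algorithms without a policy entry are rejected (fail closed).
    """
    accepted, rejected = [], []
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] not in ("pub", "sub") or len(fields) < 12:
            continue
        bits, algo_id, key_id, caps = fields[2], fields[3], fields[4], fields[11]
        if "s" not in caps:  # lowercase letters are this key's own capabilities
            continue
        if algo_id not in MIN_BITS:
            rejected.append((key_id, f"no policy for algorithm {algo_id}"))
            continue
        name, minimum = MIN_BITS[algo_id]
        if not bits.isdigit() or int(bits) < minimum:
            rejected.append((key_id, f"{name} {bits} bits < {minimum}"))
        else:
            accepted.append((key_id, f"{name} {bits} bits"))
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = check_signing_keys(SAMPLE_LISTING)
    for key_id, reason in bad:
        print("REFUSE", key_id, reason)
    for key_id, reason in ok:
        print("ACCEPT", key_id, reason)
```

The constructed key `3333333333333333` has a 4096-bit primary that only certifies, so the check falls on its 1024-bit signing subkey, which is the case a primary-key-only length check would miss.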