This page can now be found at https://infosec.mozilla.org/guidelines/key_management

The goal of this document is to help operational teams with the management of cryptographic keys. All Mozilla sites and deployments should follow the recommendations below.
{| class="wikitable"
|-
! Document Status !! Major Versions
|-
| <span style="color:green;">'''READY'''</span> ||
* Version 1: kang/ulfr: creation
|}
= Data classification and handling =
== Key material ==

Key material identifies the cryptographic secrets that compose a key. All key material must be treated as restricted data, meaning that only individuals with specific training and a need-to-know should have access to it.

Key material must be encrypted in transit. Key material can be stored in clear text, but only with proper access control.
== Public certificates ==

Public certificates are public and do not require specific access control or encryption.
= Key sizes =

{| class="wikitable"
|-
! Algorithm and key size !! Validity period (expiration/rotation)
|-
| RSA 2048 bits || 2 years or less
|-
| RSA 4096 bits || 10 years or less
|-
| ECDSA 256 bits || 2 years or less
|-
| ECDSA 384 bits || 10 years or less
|}
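As an added example (not part of the original guideline), a small Python policy check that compares a key inventory against the table above: it flags keys whose planned expiration exceeds the permitted validity and key sizes the table does not list. The inventory records, their names and their ISO-8601 dates are constructed for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional, Tuple

# Maximum validity period in years per algorithm and key size, from the
# "Key sizes" table above; sizes not listed are reported as uncovered.
MAX_VALIDITY_YEARS = {
    ("RSA", 2048): 2,
    ("RSA", 4096): 10,
    ("ECDSA", 256): 2,
    ("ECDSA", 384): 10,
}

@dataclass
class KeyRecord:
    name: str        # inventory label (constructed for this example)
    algorithm: str   # "RSA" or "ECDSA"
    key_bits: int
    created: str     # ISO-8601 date the key became valid
    expires: str     # ISO-8601 planned expiration / rotation date

def add_years(d: date, years: int) -> date:
    """Calendar-year addition; 29 February rolls back to 28 February."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return d.replace(year=d.year + years, day=28)

def latest_allowed_expiry(rec: KeyRecord) -> Optional[str]:
    """Latest expiration the table permits for this key, or None if unlisted."""
    years = MAX_VALIDITY_YEARS.get((rec.algorithm.upper(), rec.key_bits))
    if years is None:
        return None
    return add_years(date.fromisoformat(rec.created), years).isoformat()

def check_key(rec: KeyRecord) -> Tuple[str, Optional[str]]:
    """Return ("ok" | "too_long" | "uncovered", latest allowed expiry)."""
    limit = latest_allowed_expiry(rec)
    if limit is None:
        return "uncovered", None
    too_long = date.fromisoformat(rec.expires) > date.fromisoformat(limit)
    return ("too_long" if too_long else "ok"), limit

# Constructed inventory: one compliant key, one rotated too late, one size unlisted.
SAMPLE_INVENTORY = [
    KeyRecord("web-tls", "RSA", 2048, "2021-03-12", "2023-03-12"),
    KeyRecord("code-sign", "RSA", 2048, "2021-03-12", "2024-03-12"),
    KeyRecord("legacy-rsa", "RSA", 3072, "2021-03-12", "2022-03-12"),
]
```

Running `check_key` over `SAMPLE_INVENTORY` reports the second key as exceeding the 2-year limit for RSA 2048 and the third as a size the table does not cover, which a team would then need to decide on explicitly rather than accept by default.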
Latest revision as of 23:23, 12 March 2021