Security/Guidelines/Key Management

Revision as of 18:54, 23 October 2014 by Ulfr

The goal of this document is to help operational teams with the management of cryptographic keys. All Mozilla sites and deployments should follow the recommendations below.

Document Status: READY
Major Versions:
  • Version 1: kang/ulfr: creation

Data classification and handling

Key material

Key material is the set of cryptographic secrets that compose a key. All key material must be treated as restricted data, meaning that only individuals with specific training and a need-to-know should have access to it. Key material must be encrypted when transmitted. Key material can be stored in clear text, but only with proper access control.

Public certificates

Public certificates are public and do not require specific access control or encryption.

Key sizes

Algorithm and key size    Validity period (expiration/rotation)
RSA 2048 bits             2 years or less
RSA 4096 bits             10 years or less
ECDSA 256 bits            2 years or less
ECDSA 384 bits            10 years or less
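
The key size table above can be enforced as an automated check over a key inventory. The following is an added example, not part of the original guideline: the record fields, the sample inventory and the treatment of unlisted key sizes are assumptions made for illustration.

```python
from datetime import date

# Tiers from the key size table: (minimum bits, maximum validity in years), strongest
# first. Assumption: an unlisted size (e.g. RSA 3072) uses the nearest listed tier below it.
POLICY = {"RSA": [(4096, 10), (2048, 2)], "ECDSA": [(384, 10), (256, 2)]}

def add_years(d, years):
    """Shift a date by whole calendar years; Feb 29 maps to Feb 28."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return d.replace(year=d.year + years, day=28)

def max_validity_years(algorithm, bits):
    """Allowed validity in years, or None for an unknown algorithm or undersized key."""
    for min_bits, years in POLICY.get(algorithm.upper(), []):
        if bits >= min_bits:
            return years
    return None

def audit(key):
    """Return findings for one inventory record; an empty list is compliant."""
    years = max_validity_years(key["algorithm"], key["bits"])
    if years is None:
        return [f"{key['algorithm']} {key['bits']} bits is not in the key size table"]
    limit = add_years(key["not_before"], years)
    if key["not_after"] > limit:
        return [f"expires {key['not_after']}, limit is {limit} ({years} years)"]
    return []

# Constructed sample inventory: names and dates are hypothetical.
INVENTORY = [
    {"name": "web-frontend", "algorithm": "RSA", "bits": 2048,
     "not_before": date(2014, 1, 15), "not_after": date(2016, 1, 15)},
    {"name": "internal-ca", "algorithm": "RSA", "bits": 4096,
     "not_before": date(2012, 2, 29), "not_after": date(2022, 2, 28)},
    {"name": "api-gateway", "algorithm": "ECDSA", "bits": 256,
     "not_before": date(2014, 6, 1), "not_after": date(2017, 6, 1)},
    {"name": "legacy-vpn", "algorithm": "RSA", "bits": 1024,
     "not_before": date(2014, 3, 1), "not_after": date(2015, 3, 1)},
]

def run_audit(inventory=INVENTORY):
    """Map each key name to its list of findings."""
    return {k["name"]: audit(k) for k in inventory}

if __name__ == "__main__":
    for name, findings in run_audit().items():
        print(name, "OK" if not findings else "; ".join(findings))
```

In practice the inventory records would be filled from the certificates or key metadata actually deployed, rather than typed by hand.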