>It's useful to have a "locked" version of the key for secure archival.
Why? Sounds like it just adds another point of compromise (but probably minor compared to having it loaded in memory on a web-facing computer). Maybe if you're pinning the exact certificate, but that doesn't seem like a good idea anyways (ideally, every server would have a unique private key stored in secured hardware, right?).
And 4096 bit, does that help at all? If a CA is 2048 then doesn't that max out the trust chain?
>And 4096 bit, does that help at all? If a CA is 2048 then doesn't that max out the trust chain?
Not if you use certificate pinning, but otherwise yes, you'd only have to crack the weakest cert of the chain (or well, of any chain actually, the CA system being what it is..)
>you'd only have to crack the weakest cert of the chain (or well, of any chain actually, the CA system being what it is..)
Right... so I don't think anyone's going to bother trying to crack a 2048-bit cipher either when it's much easier to just bribe/blackmail/torture a single employee of one of the hundreds of organizations in ca-certificates.