found this on bing:
Computer power has lessened the time it takes to break the algorithms used by today's secure certificate private keys.
To avoid putting the Internet and e-commerce users at risk, the Certificate Authority Browser Forum has published new requirements for secure certificates. We are a member of this organization and are supporting this change by requiring 2048-bit length for all new and renewing SSLs.
The following are the requirements established by the Certificate Authority Browser Forum for Extended Validation Certificates:
- A minimum of 2048-bit RSA keys for root and subordinate CAs.
- A minimum of 2048-bit keys for entity certificates (the secure certificates issued to our customers) that expire after December 31st, 2010.
Microsoft®, for example, is a member of the Certificate Authority Browser Forum and supports these requirements for all certificates by incorporating the following requirements into their programs:
- All new root certificates must have a minimum of 2048-bit RSA keys.
- 1024-bit roots will be removed from the Microsoft Root Certificate Program by December 13th, 2013.
- All end entity certificates issued after December 31st, 2010 must have a minimum of 2048-bit RSA keys.