Weak roots are defined as keys shorter than 1024 bits. Refusing connections that use these short encryption keys is intended to increase the protection of users and to move the Internet away from old, unsafe tools toward stronger key lengths.
Microsoft has been announcing the changes for several months and has been promoting upgrades to root certificates of at least 2048 bits. From tomorrow (9 October 2012), connections that rely on weak root keys will be cancelled as unsafe.
These certificates use keys with lengths of, e.g., 516 bits, whereas today the norm is 2048 bits, and it is possible to find security with a 4096-bit encryption level.
All key lengths shorter than 1024 bytes were designed many years ago and don't provide protection against the attacks common on the Internet nowadays. Failing to move to stronger encryption may result in no connection to the website (poorly protected sites may be disconnected by the browser) or no digital signatures for e-mail in Outlook.
Rejecting weak security levels shouldn't affect many sites or Internet users, because all SSL certificates are issued by Certificate Authorities for a specified number of years, and after this time the SSL certificate must be renewed with a mandatory valid security level.
Tomorrow's upgrade continues the plan of rejecting all weak root keys. This August, Microsoft cancelled all connections with websites, applications, platforms and files that worked with old keys shorter than 1024 bits issued before 1st January 2010. Microsoft is planning to cancel all 1024-bit keys at the end of next year.
More: InfoSecurity Magazine
In line with previous announcements, a year after the acquisition of Comodo Group by Francisco Partners, Comodo CA announced on November 1 that from now on it is changing its brand to Sectigo [pronounced sec-tee-go]. The goal of the rebranding is consistency in company communication and a better fit with what Comodo is doing now.
The European Union Agency for Network and Information Security (ENISA), which is the center of knowledge about cyber security in Europe, organizes the European Cyber Security Month in October, as it does every year. The campaign starts in a few days. What is its purpose and how can you participate in it?
The General Data Protection Regulation (GDPR) is a 99-article regulation meant to protect the private data of Europeans in IT systems. Announced in 2016, it covers a broad variety of topics and will go into effect as a requirement on May 25, 2018. GDPR applies to any company doing business in Europe, even if it is located elsewhere.