Page 2 of 2
Also on Tuesday, Microsoft will activate its new policy that invalidates any certificate with encryption of 1,024 bits or less.
"It has been considered bad form to use certificates with such a short key length," said Qualys' Kandek. "In our research, we have only detected two certificates of that type. The impact is that you would expect to see an Internet Explorer warning when you go to a site that has a weakly encrypted certificate. But, I don't expect this to cause any large-scale issues."
This shift in policy is directly related to Flame malware, which has the capability of exploiting short encryption and certificates.