Cryptographic algorithms used in public key environments were not made for eternal use. If we think of historical algorithms such as the Atbash or the Caesar ciphers, there is no wonder why we do not use them in today’s PKIs. The case is not different with our „modern” solutions either: as technology is developing, computing power increases, which eases brute force attacks against keys and other parameters, not speaking of discovering new attack methods against these algorithms. For avoiding such weaknesses, there are documents and standards which specify a so-called sunset date, that determines when should one exclude specific algorithms from those supported. Recently, in one of such documents, the usability of the widespread 2048-bit RSA has been extended for three more years.

As PKI is not unified worldwide, the corresponding legislation and regulatory bodies usually differ; the same applies regarding algorithm sunset dates. For example, in the US, the main standards and guidelines have been worked out by NIST. These are often followed in other continents, but in Europe, we have other participants contributing to the security-wise standardization of algorithm usability. The basis of the European structure of this issue is developed by SOG-IS, which is an abbreviation for Senior Officials Group Information Systems Security.

This organization consists of government agencies from EFTA countries, with the original aim of the coordination of standardizing Common Criteria protection profiles, but the current structure includes working groups such as the Crypto WG, which is responsible for the creation and maintenance of the document called SOG-IS Crypto Evaluation Scheme - Agreed Cryptographic Mechanisms. This document, which is currently referred to as SOG-IS Agreed Cryptographic Mechanisms is made for the purpose of supporting Common Criteria evaluations of TOEs whose security functionalities comprise cryptographic mechanisms, but it is as well the basis of the most relevant European Technical Specification about algorithms, namely ETSI’s TS 119 312, or, as commonly called, AlgoPaper.

The Agreed Cryptographic Mechanisms document divides algorithms into two categories, namely recommended and legacy, and the AlgoPaper uses these terms in the same way, also trying to follow the recommendations of SOG-IS with slightly different sunset dates but keeping the main idea. Legacy algorithms are supported for interoperability purposes and they include RSA with a key size of more than 1900 bits, but less than 3000 bits; this is important because in hierarchical PKIs, a very common key size is 2048-bit; the World is currently not aware of any working attacks against it with sufficiently secure parameters, thus its sunset date keeps getting extended, as it has been several times.

The new version of the SOG-IS Agreed Cryptographic Mechanisms gives most legacy algorithms five more years of usability, and three for 2048-bit RSA. This is probable to be reflected in the ETSI AlgoPaper as well, so users of RSA-based certificates need not to worry for now, but as it is probable that this deadline will not be extended any longer, a good option is to migrate to ECC-based solutions that are recommended by the international community.

References:

ETSI TS 119 312 V1.3.1 (2019-02)
https://www.etsi.org/deliver/etsi_ts/119300_119399/119312/01.03.01_60/ts_119312v010301p.pdf

SOG-IS Crypto Evaluation Scheme Agreed Cryptographic Mechanisms, Version 1.2
https://www.sogis.eu/documents/cc/crypto/SOGIS-Agreed-Cryptographic-Mechanisms-1.2.pdf