The validity period of newly issued Mobile-ID certificates shall be limited starting from May 1st 2014
During the next few days, the government of Republic of Estonia should adopt a decree describing the details of issuance of the digital identity document in the form of Mobile-ID. According to the draft of this decree, newly issued Mobile-ID certificates during the period of May 1st 2014 to December 31st 2014 shall be issued with a limited period of validity. Instead of three-year validity period currently in use, the issued certificates will all be expiring on December 31st 2016.
This step is a part of a plan aiming towards limiting the distribution of certificates issued to keys generated using 1024 bit RSA algorithm. As the degree of security of 1024 bit RSA algorithms is expected to decrease over the next few years, a stronger algorithm for key generation of Mobile-ID certificates must be adopted. The study (in Estonian) about the area of use and life cycles of cryptographic algorithms is available here.
The plan is to adopt a stronger cryptography algorithm from the beginning of 2015 for the Mobile-ID certificates. More detailed information will be made available as soon as possible.