In January 2010, InCommon Operations announced that all certificates in metadata must have at least 2048-bit keys by the end of December 2012. While all new certificates are now required to have at least 2048-bit keys, there are a number of certificates in metadata with keys less than 2048 bits. These must be replaced ASAP but no later than December 2012.
InCommon is providing guidance on this process, including a list (updated daily) of certificates in metadata with 1024-bit keys, and how to migrate to new certificates containing 2048-bit keys.