etully, thanks for your input on this and sorry to disappear for so long. You can in fact create a key pair without a passphrase -- it'll just ask you for the passphrase a few times. It is my understanding that the point of the passphrase is to encrypt your private key so that you don't just have your private key lying around in a file somewhere.
I have since generated a 2048-bit key. That link I posted in my OP says that 2048 bits is the recommended size:
Retail customers Note: The recommended key bit size is 2048-bit. All certificates that will expire after October, 2013 must have a 2048 bit key size.
The point of my post was to try and discover whether or not encryption standards might have evolved since these old pages were posted. Encryption vs. hackers always seems to be an arms race. As for DES3, I've read that it has been superseded by AES:
DES is now considered to be insecure for many applications. This is chiefly due to the 56-bit key size being too small; in January, 1999, distributed.net and the Electronic Frontier Foundation collaborated to publicly break a DES key in 22 hours and 15 minutes (see chronology). There are also some analytical results which demonstrate theoretical weaknesses in the cipher, although they are infeasible to mount in practice. The algorithm is believed to be practically secure in the form of Triple DES, although there are theoretical attacks. In recent years, the cipher has been superseded by the Advanced Encryption Standard (AES). Furthermore, DES has been withdrawn as a standard by the National Institute of Standards and Technology (formerly the National Bureau of Standards).
Obviously, if I'm buying a cert that's supposed to last for years, I'd like the latest/greatest.
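As an added example (not part of the original post): a Python check that reads the text headers of a traditional-format PEM private key and reports whether the key is passphrase-encrypted and whether the cipher is Triple DES or AES. The sample keys are constructed placeholders and the function name `audit_private_key` is hypothetical.

```python
import re

# Constructed placeholder keys: the base64 body is dummy text, not key material.
_BODY = "Q09OU1RSVUNURUQgU0FNUExFIEJPRFk=\n"
_BEGIN, _END = "-----BEGIN RSA PRIVATE KEY-----\n", "-----END RSA PRIVATE KEY-----\n"
SAMPLE_3DES = (_BEGIN + "Proc-Type: 4,ENCRYPTED\n"
               "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n" + _BODY + _END)
SAMPLE_AES = (_BEGIN + "Proc-Type: 4,ENCRYPTED\n"
              "DEK-Info: AES-256-CBC,0123456789ABCDEF0123456789ABCDEF\n\n" + _BODY + _END)
SAMPLE_PLAIN = _BEGIN + _BODY + _END

_PEM = re.compile(
    r"-----BEGIN ((?:[A-Z0-9]+ )*PRIVATE KEY)-----\r?\n(.*?)-----END \1-----", re.S)

def audit_private_key(pem_text):
    """Return (state, cipher) for the first private key block in pem_text."""
    match = _PEM.search(pem_text)
    if match is None:
        raise ValueError("no PEM private key block found")
    label, body = match.group(1), match.group(2)
    if label == "ENCRYPTED PRIVATE KEY":
        # PKCS#8 keeps the algorithm inside the DER data, not in a text header.
        return ("encrypted-pkcs8", None)
    headers = {}
    for line in body.splitlines():
        # Headers end at the blank line; base64 never contains a colon.
        if not line.strip() or ":" not in line:
            break
        name, value = line.split(":", 1)
        headers[name.strip()] = value.strip()
    if headers.get("Proc-Type") != "4,ENCRYPTED":
        return ("unencrypted", None)  # private key sits in the file in the clear
    cipher = headers.get("DEK-Info", "").split(",")[0]  # value is "<cipher>,<hex IV>"
    if cipher.startswith("AES-"):
        return ("encrypted-aes", cipher)
    if cipher.startswith("DES-"):
        return ("encrypted-legacy", cipher)  # single DES or Triple DES
    return ("encrypted-other", cipher)

if __name__ == "__main__":
    for name, pem in [("3des", SAMPLE_3DES), ("aes", SAMPLE_AES), ("plain", SAMPLE_PLAIN)]:
        print(name, audit_private_key(pem))
```
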