Paul Hoffman wrote: > > What about 1536-bit CA certs? This is a serious question. We need to > understand whether or not the CAs we care about want this > intermediate size for any reason, or if we make the required size > after the cutoff to be 2048 bits.
I've never heard of anyone proposing 1536-bit CA certs. I've seen 2048-bit (and perhaps 4096-bit) CA certs and have seen 3072-bit CA certs mentioned in Draft FIPS 186-3. > Again, while we are at it, how about mandating SHA-246? We can safely > assume complete deployment of it within five years. I assume you meant SHA-256. If SHA-256 won't be made available in Windows XP, this is equivalent to assuming complete replacement of Windows XP within five years (when Windows XP is 10-11 years old). That's a tough question. Wan-Teh _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
