Paul Hoffman:
Unless we want to put a lower limit on the key size used in our CA
pile, saying that some (most!) of the ones we accept are "of concern"
is confusing at best.
Paul, I think that the general idea (of Frank and others) is, to make a
requirement on new roots and act on the 1024 bit keys at some point in
the future.
For example StartCom will request by 2010 to remove its 1024 bit key
from NSS and we stopped issuing from our old root since this month.
Officially and effectively as per 1st of June 2008 no new certificates
are issued from that root since we've successfully transitioned to the
newer 4096 bit root.
As I understood from previous discussions, such transitions will be
encouraged and at some point mandated. Therefore it makes no sense to
accept 1024 bit keys anymore and make stronger keys a requirement for
inclusions.
Regards
Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
