At 10:14 AM +0100 6/4/08, Gervase Markham wrote: >Paul Hoffman wrote: >> Proposal: >> a) Starting January 1 2009, all new CA roots must be 2048 bit RSA or 256 >> bit EC. > >Why January 1 2009 particularly?
No big reason. It gives us six months to agree. If we take longer, just add months to the date. >By new, do you mean newly-generated, or new to us? New to use. It truly doesn't matter when the certs are generated. >Has any CA actually attempted to get a recently-generated 1024-bit root >included? Dunno, but it doesn't really matter. > > b) Starting January 1 2014, all CA roots must be 2048 bit RSA or 256 bit >> EC. > >It would make most sense to coordinate such a policy with other browser >vendors, if possible. Sure, but we could also be the leaders. --Paul Hoffman _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
