* Kyle Hamilton: > I would suggest requiring all new roots approved to state that they do > not and will not use MD5 in any newly-minted certificate (except > possibly in a configuration like the TLS pseudo-random function).
If they issue certificates for sub-CAs, they have no technical means to enforce this. (I'm not sure if this matters, but it blends nicely with the other thread.) _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
