On Mon, Mar 9, 2009 at 1:51 PM, <kathleen95...@yahoo.com> wrote: > Summary of Information Gathered and Verified: > > https://bugzilla.mozilla.org/attachment.cgi?id=362354 > > Some quick comments regarding noteworthy points: > > * The TC TrustCenter Class 1 CA root has four internally-operated > subordinate CAs which issue certificates for email and SSL client > authentication. Only the email trust bit is requested for this root. > Note that this root is 1024 bit and it expires in January, 2011. TC > TrustCenter will phase out this root before the end of 2010. This root > will be effectively replaced by TC TrustCenter Universal CA I. They > are still requesting inclusion of this root because there are many > customers who are using certificates chained to this root for secure > email with Thunderbird.
The original comment/response was: “One of your roots is only 1024 bit. NIST recommend that all such roots byphased out by the end of 2010, yet this root expires at the end of 2011. Whatis your current end-of-life plan with regard to this root?” “The TC TrustCenter Class 1 CA expiring beginning of 2011 will be effectively replaced by TC Universal I. TC TrustCenter Class 2 II and TC TrustCenter Class 3 II will replace the TC TrustCenter Class 2 and TC TrustCenter Class 3 roots. We'll phase out the 1024 bit roots before end of 2010.” The "Valid To" date is set to 01/01/2011 on this root, and thus pretty much avoids the NIST recommendation since it is only valid until the day after 2010 ends, and I do not perceive this as a problem. Do they have a target date to phase out the Class 2 and Class 3 roots in favor of the Universal root? I have performed no other evaluation of the request at this time, and I have not read the CPSes. Metacomment: May I ask that in the summaries, the dates be formatted as YYYY.Mmm.DD (2011.Jan.01)? I'm a US user, and wasn't expecting DD.MM.YYYY formatting. (If it's always going to be European date formatting it's fine, but having the year first helps for simple list-sorting.) -Kyle H -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
