Is there an updated request in the queue for O=ABC.ECOM, INC? That one expires 7/9/2009, which is less than a month from now.
Are we going to enforce a 2048-bit root requirement after Dec 31, 2010 (per NIST non-classified recommendation)? If so, we need to get the Digital Signature Trust Co Global CAs to update. The DSTCA X1 and DSTCA X2 CAs (page 3, bottom) have already expired in 2008. Are they going to be removed? We've already had discussion why MD5 on the root isn't worrisome or bothersome. I'm assuming that there are no attributes of the certificate which contains the trust anchor which are actually checked, and that the trust-bits are effectively set on the key included in the certificate itself? -Kyle H On Mon, Jun 22, 2009 at 1:11 PM, Kathleen Wilson<kathleen95...@yahoo.com> wrote: > Based on the Firefox 3.5 beta, I created a table of all of the CAs > that are Builtin Object Tokens. It is posted at: > https://wiki.mozilla.org/CA:Overview > which has a link called "List of included root certificates" which > points to > https://wiki.mozilla.org/images/c/ce/BuiltIn-CAs.pdf > > I look forward to feedback and recommendations on this. > > Kathleen > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
