Re: Modulus length (was Re: Draft CA information checklist)

2008-06-03 Thread Michael Ströder
Paul Hoffman wrote:
> I was arguing that people
> who have weak locks on their doors should not bother upgrading some
> of the weak locks until they upgrade all of them.

That's right strictly from the security perspective. But that requires that you have all locks under your control and you

Re: Modulus length (was Re: Draft CA information checklist)

2008-06-03 Thread Michael Ströder
Paul Hoffman wrote:
>
> Let's talk specifics.

Greatly appreciated.

> The Verisign "Class 3 Public Primary Certification
> Authority", which is widely used to create popular SSL certs on the
> Internet (see ), has a 1024-bit RSA key and has
> an expiration date of Aug

Re: Modulus length (was Re: Draft CA information checklist)

2008-06-03 Thread Michael Ströder
Eddy Nigg (StartCom Ltd.) wrote:
> Paul, I think that the general idea (of Frank and others) is, to make a
> requirement on new roots and act on the 1024 bit keys at some point in
> the future.

I also support the idea of throwing out 1024 bit keyed roots at a not so distant point in the future.

RE: Problems importing pkcs12 keystore to NSS

2008-06-03 Thread Yevgeniy Gubenko
You were right about the absence of a certificate in the client.private file generated in JKS format. But unfortunately, an attempt to generate the self-signed certificate for the keystore, then convert it to PKCS12 format (client.privatepkcs12) and finally import it to the NSS database results with