Rob Stradling:
Additionally, most of the times the old and the new root will be both
present in NSS for some time in order to allow a smooth transition,
until the old root is being removed.
Eddy, I think you've missed the main point of my proposal. I am suggesting
that each existing valid-for-too-long 1024-bit RSA Root Certificate should be
replaced with a valid-for-not-too-far-beyond-2010 1024-bit RSA Root
Certificates *WITH THE SAME KEY*.
Sorry Rob, yes I missed that one. But why doing that? Why not replace
with something better and remove the "offending" root? Perhaps I'm not
objective enough because we actually replaced a small key with a bigger
one. What's the logic for having a pile of roots which expire in 2010?
Sorry for being slow...can you explain to me the logic of your proposal
(again)?
Regards
Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto