Victor Duchovni victor.ducho...@morganstanley.com writes:
What are EE certs, did you mean EV?
End-entity certs, i.e. non-CA certs. This means that potentially after the
end of this year and definitely after 2013 it will not be possible to use any
key shorted than 2048 bits with Firefox.
Matt Crawford craw...@fnal.gov writes:
EE = End Entity, but I don't read the first sentence the way Peter did.
As I mentioned in my previous followup, it's badly worded, but the intent is
to ban any keys 2K bits of any kind (currently with evolving weasel-words
about letting CAs certify them
From https://wiki.mozilla.org/CA:MD5and1024:
December 31, 2010 - CAs should stop issuing intermediate and end-entity
certificates from roots with RSA key sizes smaller than 2048 bits [0]. All
CAs should stop issuing intermediate and end-entity certificates with RSA
key size smaller than
On Wed, Oct 06, 2010 at 04:52:46PM +1300, Peter Gutmann wrote:
Right, because the problem with commercial PKI is all those attackers who are
factoring 1024-bit moduli, and apart from that every other bit of it works
perfectly.
_If_ Mozilla and the other browser vendors actually go through
On Wed, Oct 06, 2010 at 04:52:46PM +1300, Peter Gutmann wrote:
From https://wiki.mozilla.org/CA:MD5and1024:
December 31, 2010 - CAs should stop issuing intermediate and end-entity
certificates from roots with RSA key sizes smaller than 2048 bits [0]. All
CAs should stop issuing
On Oct 6, 2010, at 10:48 AM, Victor Duchovni wrote:
On Wed, Oct 06, 2010 at 04:52:46PM +1300, Peter Gutmann wrote:
From https://wiki.mozilla.org/CA:MD5and1024:
December 31, 2010 - CAs should stop issuing intermediate and end-entity
certificates from roots with RSA key sizes smaller
Jack Lloyd ll...@randombit.net writes:
On Wed, Oct 06, 2010 at 04:52:46PM +1300, Peter Gutmann wrote:
Right, because the problem with commercial PKI is all those attackers who are
factoring 1024-bit moduli, and apart from that every other bit of it works
perfectly.
_If_ Mozilla and the
On Wed, 6 Oct 2010, Matt Crawford wrote:
[[...]]
I found it amusing that this message was accompanied by an S/MIME
certificate which my mail client (alpine) was unable to verify, resulting
in the error messages
[Couldn't verify S/MIME signature: certificate verify error]
[ This
On Wed, Oct 06, 2010 at 01:32:00PM -0500, Matt Crawford wrote:
That is, if your CA key size is smaller, stop signing with it.
You may have missed the next sentence of Mozilla's statement:
All CAs should stop issuing intermediate and end-entity certificates with
RSA key size smaller than 2048