On 11/12/13 22:31, Kathleen Wilson wrote:
<snip>
According to https://wiki.mozilla.org/CA:MD5and1024
"All end-entity certificates with RSA key size smaller than 2048 bits
must expire by the end of 2013.
Kathleen, are you saying that "must expire by the end of 2013" is a
"revocation requirement" ?
Expiration != Revocation.
Is there actually a requirement that says "By the end of 2013, CAs MUST
revoke all unexpired certificates with <2048-bit RSA keys" ?
If so, where is it written and when was it communicated to the CAs?
(If it's not actually written anywhere, then can you actually enforce it?)
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
