On 21/12/13 22:57, Phillip Hallam-Baker wrote:
I thought that what we were trying to do here is break a deadlock
where Cas wait for browsers and vice versa.
I have no trouble telling a customer with a 15 year 512 bit cert that
they need to change for a new one if they want it to work for ssl with
the browsers
Indeed. Everyone agrees.
Revoking it without their consent is a problem though.
Indeed. The subject of this thread is misleading. Kathleen's last post
clearly confirmed...
Rob: Will CAs need to revoke all unexpired 1024-bit certs by the cut-off
date?
Kathleen: No.
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
