----- Original Message ----- > From: "Kurt Roeckx" <[email protected]> > To: [email protected] > Sent: Monday, July 7, 2014 1:46:18 PM > Subject: Re: Removal of 1024 bit CA roots - interoperability > > On 2014-07-07 13:29, Hubert Kario wrote: > > ----- Original Message ----- > >> From: "David E. Ross" <[email protected]> > >> Why should Mozilla provide cover for server administrators who fail to > >> update their servers and for certification authorities who fail to > >> communicate clearly with their customers? I believe such action will > >> only encourage further such failures. > > > > Because it is Mozilla that distrusts 1024 bit RSA CA keys ahead of > > CA/Browser forum schedule: > > > > " Root CA Certificate issued prior to 31 Dec. 2010 with an RSA > > key size less than 2048 bits MAY still serve as > > a trust anchor for Subscriber Certificates issued in accordance > > with these Requirements." > > > > There is no date as to when 1024 bit RSA roots are to be untrusted, > > unlike the intermediate certificates which all *do* have a hard date: > > 31st December 2014. > > That's 31st December 2013.
yes, 2013, miss-pressed a key -- Regards, Hubert Kario Quality Engineer, QE BaseOS Security team Email: [email protected] Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
