On 11/5/2015 11:10 AM, Kathleen Wilson wrote:
> On 11/5/15 10:58 AM, David E. Ross wrote:
>>
>> Rather than list acceptable key types and sizes, cite the Baseline
>> Requirements along with listing exceptions, both types and sizes that
>> are not supported but are in the BR and types and sizes that are
>> supported but are not in the BR.  I would not be surprised if the latter
>> would be an empty list.
>>
> 
> 
> That would look like:
> ~~
> 8. We consider the algorithms and key sizes specified in section 6.1.5 
> of version 1.3 or later of the CA/Browser Forum Baseline Requirements 
> for the Issuance and Management of Publicly-Trusted Certificates to be 
> acceptable and supported in Mozilla products; with the following exceptions.
> - Mozilla does not support DSA keys
> ~~
> 
> Correct?
> 
> Thanks,
> Kathleen
> 

Yes, that is what I meant.  It is much shorter than listing what Mozilla
supports and potentially reduces the need to update the policy when the
BR is updated PROVIDING Mozilla indeed supports whatever the BR update
contains.

-- 
David E. Ross

The Crimea is Putin's Sudetenland.
The Ukraine will be Putin's Czechoslovakia.
See <http://www.rossde.com/editorials/edtl_PutinUkraine.html>.