The VeriSign "Class 3 Public Primary Certification Authority - G2" is also 1024-bit.
---------------------------------------- > Date: Sat, 12 Dec 2015 20:07:57 -0500 > Subject: RE: Remove trust of Symantec's Class 3 Public Primary Certification > Authority? > From: [email protected] > To: [email protected] > CC: [email protected]; [email protected] > > The G2 root identified by Peter is 2048-bit. > > -- Eric > On Dec 12, 2015 7:56 PM, "Yuhong Bao" <[email protected]> wrote: > >> I think this and most of the other 1024-bit roots was removed or >> restricted to email in Mozilla some time ago (last remaining one is >> Equifax). They had been consider obsolete for a long time. >> >>> Date: Sun, 13 Dec 2015 00:41:45 +0100 >>> From: [email protected] >>> To: [email protected] >>> Subject: Remove trust of Symantec's Class 3 Public Primary >> Certification Authority? >>> >>> Hi, >>> >>> It seems that Symantec will stop using the "VeriSign G1" root >>> certificate. In the announcement[1] they say: "Browsers may >>> remove TLS/SSL support for certificates issued from these roots." >>> >>> The name of the certificate seems to be "Class 3 Public Primary >>> Certification Authority". >>> >>> It seems google plans[2] to remove the TLS trust bits, and distrut >>> it instead. >>> >>> The announcement says that it's also used for code signing, but >>> it's not clear that it's still going to be used for that or not. >>> >>> Should Mozilla follow and disable the TLS trust bits? Add it to >>> the distrusted list? >>> >>> >>> Kurt >>> >>> [1]: >> https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&id=ALERT1941&actp=LIST&viewlocale=en_US >>> [2]: >> https://googleonlinesecurity.blogspot.be/2015/12/proactive-measures-in-digital.html >>> >>> _______________________________________________ >>> dev-security-policy mailing list >>> [email protected] >>> https://lists.mozilla.org/listinfo/dev-security-policy >> >> _______________________________________________ >> dev-security-policy mailing list >> [email protected] >> https://lists.mozilla.org/listinfo/dev-security-policy >> > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
