Paul Hoffman wrote:
> At 2:12 PM -0700 4/30/07, Robert Relyea wrote:
>> I don't see a way around the legacy 1024 bit certs, but I would
>> definitely want to see wording that will discourage the issuance of
>> new root certs that are less than 2048.
> 
> From a cryptographic standpoint, such a policy would not make sense.

You are correct in the strict sense. However, IMO getting rid of 1024-bit
certs will not be a one-time event where we remove all such certs;
instead we have to plan for a transitional period as CAs phase out the
use of old root CA certs and start issuing certs under new root CA
certs. During that transition period it makes policy sense (if not
cryptographic sense) to discourage inclusion of new 1024-bit root CA
certs while allowing old ones to remain for a little while longer.

So if we do change our CA policy to reflect current thinking on modulus 
length I think we should do two things:

1. Stop accepting new 1024-bit CA certs immediately (or at least very soon).

2. Set a target date (or dates) for removal of legacy 1024-bit CA certs.

(This can also encompass looking at intermediate CA certs and related 
issues, of course.)

Frank

-- 
Frank Hecker
[EMAIL PROTECTED]
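Added example, not part of the thread or of any Mozilla tooling: a small pure-Python audit that pulls the RSA modulus length out of a DER-encoded certificate and applies the two rules above (reject new sub-2048 root CA certs, tolerate legacy ones only until a sunset date). The minimal DER walker, the `LEGACY_SUNSET` date, and the skeleton "certificate" used as input are all constructed here for illustration; the skeleton carries a valid SubjectPublicKeyInfo but is not a real, signed certificate.

```python
"""Audit certificate DER for RSA modulus length and apply a root-store policy (added example)."""
from datetime import date

RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption
MIN_NEW_ROOT_BITS = 2048                 # rule 1: no new root CA certs below this
LEGACY_SUNSET = date(2010, 12, 31)       # rule 2: hypothetical removal date for legacy roots


def der_len(buf, pos):
    """Decode a DER length field starting at buf[pos]; return (length, next_pos)."""
    first = buf[pos]
    if first < 0x80:                     # short form
        return first, pos + 1
    n = first & 0x7F                     # long form: n following bytes hold the length
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def der_iter(buf):
    """Yield (tag, content) for each TLV element in a DER byte string."""
    pos = 0
    while pos < len(buf):
        tag = buf[pos]
        length, pos = der_len(buf, pos + 1)
        yield tag, buf[pos:pos + length]
        pos += length


def rsa_modulus_bits(der):
    """Walk constructed DER elements and return the RSA modulus bit length, or None."""
    for tag, content in der_iter(der):
        if not tag & 0x20:               # primitive element: nothing to recurse into
            continue
        items = list(der_iter(content))
        # SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING }
        if len(items) == 2 and items[0][0] == 0x30 and items[1][0] == 0x03:
            alg = list(der_iter(items[0][1]))
            if alg and alg[0][0] == 0x06 and alg[0][1] == RSA_ENCRYPTION_OID:
                rsa_key = items[1][1][1:]            # drop the unused-bits octet
                _, pub = next(der_iter(rsa_key))     # RSAPublicKey ::= SEQUENCE { n, e }
                (_, n_bytes), _ = der_iter(pub)
                return int.from_bytes(n_bytes, "big").bit_length()
        found = rsa_modulus_bits(content)
        if found is not None:
            return found
    return None


def evaluate_root(modulus_bits, is_new, today):
    """Apply the transitional policy: 'ok', 'reject', 'legacy-tolerated' or 'remove'."""
    if modulus_bits >= MIN_NEW_ROOT_BITS:
        return "ok"
    if is_new:
        return "reject"                  # rule 1: stop accepting new 1024-bit CA certs
    return "remove" if today > LEGACY_SUNSET else "legacy-tolerated"  # rule 2


# --- constructed test input (DER encoders for a skeleton certificate) ---
def der_encode(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def der_int(value):
    b = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if b[0] & 0x80:                      # keep INTEGER positive
        b = b"\x00" + b
    return der_encode(0x02, b)


def build_skeleton_cert(modulus):
    """SEQUENCE { SEQUENCE { serial, SubjectPublicKeyInfo } }: enough structure for the audit."""
    alg = der_encode(0x30, der_encode(0x06, RSA_ENCRYPTION_OID) + b"\x05\x00")
    pub = der_encode(0x30, der_int(modulus) + der_int(65537))
    spki = der_encode(0x30, alg + der_encode(0x03, b"\x00" + pub))
    return der_encode(0x30, der_encode(0x30, der_int(1) + spki))


if __name__ == "__main__":
    # Constructed moduli: only the bit length matters here, these are not real keys.
    for bits, is_new in ((1024, True), (1024, False), (2048, True)):
        cert = build_skeleton_cert((1 << (bits - 1)) | 1)
        found = rsa_modulus_bits(cert)
        print(bits, "new" if is_new else "legacy", evaluate_root(found, is_new, date(2007, 5, 1)))
```

Against a real root store the same `rsa_modulus_bits` call can be run over each certificate's DER (for example after stripping the PEM armour with base64 decoding), and `is_new` would come from whether the cert is an inclusion request or already shipped.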
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto