At 2:12 PM -0700 4/30/07, Robert Relyea wrote:
>I don't see a way around the legacy 1024 bit certs, but I would
>definitely want to see wording that will discourage the issuance of
>new root certs that are less than 2048.

From a cryptographic standpoint, such a policy would not make sense. All root certs are treated equivalently by Mozilla for validating domain names. Therefore, as long as there is even one root cert with a 1024-bit key, Mallory would attack that one cert and, if successful, issue bogus certificates with the compromised key.

If we make a rule about signature strength, it has to apply equally to every root certificate in the set; otherwise, the rule will have no effect on the security of the system.

--Paul Hoffman
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto