Nelson Bolyard wrote: > I propose that we add additional requirements to the policy for root CAs > that apply for inclusion in mozilla products. I propose that we require a > minimum key size for the root CA cert *AND* for any intermediate CA certs > issued by that root CA cert. Here's why.
I certainly agree about minimum key sizes for new roots. That's pretty much a no-brainer. I would also agree about intermediates (I don't think there would be an enforcement issue), except for the problem that Rick Andrews raised. I think the right approach is as follows: when we have cleared the backlog of CA applications, that is probably going to be a good time to revise the Mozilla Root Certificate Guidelines. We can put this idea, along with any others, forward for consideration. Anyone may comment, including CAs, and we will take decisions appropriately. Gerv _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto