At 11:02 AM -0400 5/30/08, Frank Hecker wrote: >I'd be glad to soften the language >about "cause for concern", but I still want to flag 1024-bit roots as >worthy of a further explanation. (E.g., is this a root created some time >ago that is only now being proposed for inclusion? Was/is the root >intended for use in low-end devices where performance was deemed an >issue? Did the CA not think about the issue of modulus length at all? >And so on.)
Ah! That sounds reasonable. "Cause for further checking" covers that without making it seem that we're concerned just about the length. BTW, I would flag *all* ECC certs with "Cause for further checking" due to the very low amount of interop testing that has been done with them. Again, not to say "don't do this", just "we want to ask a few questions that might start a dialog". --Paul Hoffman _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
