On 5/15/10 10:48 AM, Nelson B Bolyard wrote:
On 2010-05-15 01:35 PDT, Wan-Teh Chang wrote:
On Fri, May 14, 2010 at 11:18 PM, Nelson B Bolyard<[email protected]> wrote:
I looked through PSM for such a warning briefly. I found a warning for
sites that use symmetric encryption of strength<= 90 bits, but I found
nothing that specifically looks at public key strength. If I know the
exact text of the warning to which you're referring, I can tell exactly
what triggers it.
I remember John Myers was interested in or work on the weak
server key/cert issue. But the only bug I can find is
https://bugzilla.mozilla.org/show_bug.cgi?id=31896
which might be what Nelson found.
Yes, I found the code that was added for that bug.
So PSM may not be warning about a weak server key/cert.
Wan-Teh
So, is it the case that PSM is not actually checking for 512-bit certs?
Thanks,
Kathleen
--
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
