On Sat, Jun 21, 2014 at 05:37:20PM -0700, David E. Ross wrote: > > > > There are still a few new certificates generated with 1024 bits. > > I've been filing bugs about those and there were only a few so far this > > month. Maybe we can set a date from which we won't be accepting > > certificates with a smaller than 2048 bit key generated after that date? > > > > Should I put an effort into trying to get those certificates that are still > > seen revoked? > > Bug reports have been filed for each non-complying root certificate. > See the following bugs: 1015767, 1015770, 1015771, 1015772, 1015773, > 1026128, and 1026741.
Those are based on who still generated new certificates recently, and as far as I know I didn't see them generate any new ones since I filed those bugs. The question is if I should also do it for older certificates. Kurt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
