Re: Only accepting 2048 bit or better certificates

2014-06-21 Thread David E. Ross
On 6/21/2014 11:37 AM, Jeremy Rowley wrote:
> I think getting them revoked would be the first step. If you make the data
> available about which CAs still have 1024 bit certs or lower, we could email
> the CAs and find out what is going on.
>
> Jeremy
>
> -Original Message-
> From: dev-s

RE: Only accepting 2048 bit or better certificates

2014-06-21 Thread Jeremy Rowley
I think getting them revoked would be the first step. If you make the data available about which CAs still have 1024 bit certs or lower, we could email the CAs and find out what is going on.

Jeremy

-Original Message-
From: dev-security-policy [mailto:dev-security-policy-bounces+jeremy.ro

13 May 2014 Communication

2014-06-21 Thread David E. Ross
I noticed in the bug reports for requesting new root certificates added to the NSS database that the CAs for several such certificates have failed to answer . I hope this means the requests are placed on hold and bypassed in the review que

Only accepting 2048 bit or better certificates

2014-06-21 Thread Kurt Roeckx
Hi,

The CA/B baseline requirements say that all RSA keys that are used since 1 January 2014 should have been at least 2048 bit. All shorter than 2048 should have either expired or been revoked by that date. But it's still not the case. We're currently around 0.24% of the certificates that a