On 06/21/2014 07:15 PM, Kurt Roeckx wrote:
But I would like to start enforcing the 2048 bit as soon as
possible. Do we have some criteria for at which point we're
willing to break compatibility?
I'm in favor of enforcing it which will help reduce even mistakenly
issued certificates with
On 21/06/14 17:15, Kurt Roeckx wrote:
There are still a few new certificates generated with 1024 bits.
I've been filing bugs about those and there were only a few so
far this month.
Thank you for doing this work; it really is appreciated.
Gerv
On Sat, Jun 21, 2014 at 05:37:20PM -0700, David E. Ross wrote:
There are still a few new certificates generated with 1024 bits.
I've been filing bugs about those and there were only a few so far this
month. Maybe we can set a date from which we won't be accepting
certificates with a
Hi,
The CA/B baseline requirement say that all RSA keys that are used
since since 1 january 2014 should have been at least 2048 bit.
All shorter than 2048 should have either expired or been revoked
by that date. But it's still not the case. We're currently
around 0.24% of the certificates that
+jeremy.rowley=digicert.com@lists.mozilla
.org] On Behalf Of Kurt Roeckx
Sent: Saturday, June 21, 2014 10:15 AM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Only accepting 2048 bit or better certificates
Hi,
The CA/B baseline requirement say that all RSA keys that are used since
since 1
-policy
[mailto:dev-security-policy-bounces+jeremy.rowley=digicert.com@lists.mozilla
.org] On Behalf Of Kurt Roeckx
Sent: Saturday, June 21, 2014 10:15 AM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Only accepting 2048 bit or better certificates
Hi,
The CA/B baseline
6 matches
Mail list logo