Two new alternatives have been proposed in addition to the one I proposed
below:
* Aaron Gable commented in the PR with a suggestion that we require CAs to
reject any key found in Hanno Bock's repository at
https://github.com/badkeys/debianopenssl. This includes RSA
1024/2048/3072/4096 and EC
Server Certificate Working Group - 14 March 2024
Attendees: Aaron Poulsen - (Amazon), Adam Jones - (Microsoft), Adrian
Mueller - (SwissSign), Antti Backman - (Telia Company), Brianca Martin -
(Amazon), Bruce Morton - (Entrust), Chris Clements - (Google), Clint Wilson
- (Apple), Corey Rasmussen -
Hi Martijn,
Thank you for your review and comments, especially as suggested commits!
This is helpful feedback in clarifying the expectations of the Ballot, and
we’ve responded to them directly on GitHub [1]. We also staged [2] these
updates in and a separate branch [3] to avoid any confusion