Thank you Clint and Aaron, this is helpful. Here is what I propose:
In the case of Debian weak keys vulnerability ([
> https://wiki.debian.org/SSLkeys)]), the CA SHALL reject all keys found at
> [https://github.com/cabforum/debian-weak-keys/] for each key type (e.g.
> RSA, ECDSA) and size listed
Hi Wayne,
That was indeed my intent, but I’m happy with the proposal either way.
Thank you,
-Clint
> On Apr 12, 2024, at 12:33 PM, Wayne Thayer wrote:
>
> Thank you Clint and Aaron, this is helpful. Here is what I propose:
>
>> In the case of Debian weak keys vulnerability
>>
I've updated https://github.com/wthayer/servercert/pull/1/files as follows
to exclude large key sizes:
In the case of Debian weak keys vulnerability (
> https://wiki.debian.org/SSLkeys)), the CA SHALL reject all keys found at
> https://github.com/cabforum/debian-weak-keys/ for each key type (e.g.