On 21/12/13 22:22, Kathleen Wilson wrote:
On 12/20/13 11:45 AM, Rob Stradling wrote:
To me, "cert revocation" means replying "revoked" via OCSP for that
cert's serial number, and also adding that cert's serial number to the
CRL.
I understand that new versions of browsers will stop accepting 1024-bit
certs and that site operators will naturally stop using 1024-bit certs.
But neither stopping using nor stopping accepting are the same thing
as revocation.
My question is simple: Will CAs need to revoke all unexpired 1024-bit
certs by the cut-off date?
If "Yes", where is this requirement written?
If "No", please simply reply "No".
No.
To my knowledge there is not a written requirement for CAs to revoke all
unexpired 1024-bit certs by a cut-off date.
Kathleen, thanks for clarifying.
<snip>
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
