Hubert Kario <hka...@redhat.com> wrote: > Brian Smith wrote: >> It depends on your definition of "help." I assume the goal is to >> encourage websites to migrate from 1024-bit signatures to RSA-2048-bit >> or ECDSA-P-256 signatures. If so, then including the intermediates in >> NSS so that all NSS-based applications can use them will be >> counterproductive to the goal, because when the system administrator >> is testing his server using those other NSS-based tools, he will not >> notice that he is depending on 1024-bit certificates (cross-signed or >> root) because everything will work fine. > > The point is not to ship a 1024 bit cert, the point is to ship a 2048 bit > cert. > > So for sites that present a chain like this: > > 2048 bit host cert <- 2048 bit old sub CA <- 1024 bit root CA > > we can find a certificate chain like this: > > 2048 bit host cert <- 2048 bit new cross-signed sub CA <- 2048 bit root CA > > where the cross-signed sub CA is shipped by NSS
Sure. I have no objection to including cross-signing certificates where both the subject public key and the issuer public key are 2048 bits (or more). I am objecting only to including any cross-signing certificates of the 1024-bit-subject-signed-by-2048-bit-issuer variety. It has been a long time since we had the initial conversation, but IIRC both types of cross-signing certificates exist. Cheers, Brian _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
