The G2 root identified by Peter is 2048-bit. -- Eric On Dec 12, 2015 7:56 PM, "Yuhong Bao" <yuhongbao_...@hotmail.com> wrote:
> I think this and most of the other 1024-bit roots was removed or > restricted to email in Mozilla some time ago (last remaining one is > Equifax). They had been consider obsolete for a long time. > > > Date: Sun, 13 Dec 2015 00:41:45 +0100 > > From: k...@roeckx.be > > To: mozilla-dev-security-pol...@lists.mozilla.org > > Subject: Remove trust of Symantec's Class 3 Public Primary > Certification Authority? > > > > Hi, > > > > It seems that Symantec will stop using the "VeriSign G1" root > > certificate. In the announcement[1] they say: "Browsers may > > remove TLS/SSL support for certificates issued from these roots." > > > > The name of the certificate seems to be "Class 3 Public Primary > > Certification Authority". > > > > It seems google plans[2] to remove the TLS trust bits, and distrut > > it instead. > > > > The announcement says that it's also used for code signing, but > > it's not clear that it's still going to be used for that or not. > > > > Should Mozilla follow and disable the TLS trust bits? Add it to > > the distrusted list? > > > > > > Kurt > > > > [1]: > https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&id=ALERT1941&actp=LIST&viewlocale=en_US > > [2]: > https://googleonlinesecurity.blogspot.be/2015/12/proactive-measures-in-digital.html > > > > _______________________________________________ > > dev-security-policy mailing list > > dev-security-policy@lists.mozilla.org > > https://lists.mozilla.org/listinfo/dev-security-policy > > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy